Coding Horrors: You can gather all your technical debt into one easy framework!

The Something Awful Forums > Discussion > Serious Hardware/Software Crap > The Cavern of COBOL > Coding Horrors: You can gather all your technical debt into one easy framework!

«‹›1503 »

Flamadiddle: May 9, 2004

I'm researching UK Universities' Contact Directories for work and think I just destroyed the University of Manchester's search site by searching for "*" in the contact directory. It churned for a while and now won't respond at all. Nevermind that it looks really vulnerable for SQL injection too.

# ? Apr 29, 2009 10:18

Adbot: ADBOT LOVES YOU

# ? May 14, 2024 16:13

Wheany: Mar 17, 2006; Spinya^{ha^{ha^haha}ha}ha_{ha_{ha_haha}ha}ha!; Doctor Rope

How about "Coding annoyances: post the code that bothers you"

I see numbers needlessly defined in hex all the time.

E.g.
int numberOfApples = 0x05;

What's wrong with a simple
int numberOfApples = 5;

# ? Apr 29, 2009 12:27

Pensive Goat: Dec 31, 2005; What's a hypotenuse?

Wheany posted:

How about "Coding annoyances: post the code that bothers you"

I see numbers needlessly defined in hex all the time.

E.g.
int numberOfApples = 0x05;

What's wrong with a simple
int numberOfApples = 5;

As long as it's a number under 16 it doesn't hurt readability very much.

Though I would be pretty pissed if I saw "int A_MILLION = 0xF4240;" without a very good reason.

# ? Apr 29, 2009 18:51

Thots and Prayers: Jul 13, 2006; A is the for the atrocious abominated acts that YOu committed. A is also for ass-i-nine, eight, seven, and six.

B, b, b - b is for your belligerent, bitchy, bottomless state of affairs, but why?

C is for the cantankerous condition of our character, you have no cut-out.; Grimey Drawer

Wheany posted:

How about "Coding annoyances: post the code that bothers you"

I see numbers needlessly defined in hex all the time.

E.g.
int numberOfApples = 0x05;

What's wrong with a simple
int numberOfApples = 5;

'Cause what they're really typing is this: int numberOfApples = 0x05; :smug:

# ? Apr 29, 2009 19:18

TheSpook: Aug 21, 2007; Spooky!

The Prefuse (link) visualization library for Java is actually pretty neat. In its current setup, however, you end up registering data using a String identifier, indexing those data via that same identifier. Sounds pretty standard. Every field of that data is given a String name, too. Data gets nested in more data. Eventually, you end up with monstrous amounts of string constants

code:

...
public static final String DRAWGROUPS = "drawGroups";
public static final String DRAWFISHEYE = "drawFisheye";
public static final String DRAWFISHSIDE = "drawFisheyeSideSelector";
public static final String DRAWBUTTON = "drawContinueButton";
public static final String DRAWTIP = "drawTip";
...

and end up using statements like

code:

...
m_vis.putAction(Data.DRAWMAPDISTORTION, makeMapCenterDistortion(Data.CTR_GROUP));
item.getVisualization().add(Data.HOVERGROUP, t);
item.getVisualization().run(Data.DRAWHOVERCENTER);
...

So many constants. So many horrifying lines of code. All of Prefuse's tutorials / example code uses this strategy, too

. Sigh.

# ? May 1, 2009 18:13

Dessert Rose: May 17, 2004; awoken in control of a lucid deep dream...

From the iPhone dev thread:

Unparagoned posted:

code:
char ddd[4];
for(int i=1; i<=NUMBEROFUNITS; i++)
	{
		
		sprintf(ddd,"%d",i);
		[b]//printf("begining of LOOP");[/b]
		NSString *StemporyUnitInt=[NSString stringWithFormat: @"%s",
[unitOptionsSQL getSqlEntry: aaa select:cc from:bbb where:eee is:ddd]] ;
		printf("\n index %d", i);
		unitOptionList[i]=[StemporyUnitInt intValue];

		
	}
EDIT: Looks like if I put the folowing at the start of the loop all workds fine. It's fustrating trying to find out what the problem is when everything I try fixes it.
char *testtt;
sprintf(testtt,"%d",i);
printf("testtt %s", testtt);

Jargon posted:
Haha when you pick your variable names do you just like hold down the last key like "one-one thousand, two-one thousand"?

That's too hard, you just copy and paste the code you need and then just add another char to the variables aa->aaa.

# ? May 1, 2009 22:11

spankweasel: Jan 4, 2006

We employed a guy who was trying to learn Python. The code we had him working on was all text manipulation. We showed him the magic of python's printf-esque print statement and let him go.

He would do things like this:

code:

a = "some string"
print "%s" % a

His code caused me to have a migraine the first time I code reviewed it.

note: what he wrote isn't technically wrong but .. why not just do: "print a" ?

# ? May 4, 2009 03:02

fritz: Jul 26, 2003

spankweasel posted:

printf

why not just do: "print a" ?

If you've been doing c for long enough you start to get certain habits.

# ? May 4, 2009 03:08

twodot: Aug 7, 2005; You are objectively correct that this person is dumb and has said dumb things

fritz posted:

If you've been doing c for long enough you start to get certain habits.

edit: This post is retarded don't read it.

If you've been doing C for long enough you start to write code with format string vulnerabilities in it?

twodot fucked around with this message at 05:52 on May 5, 2009

# ? May 4, 2009 16:15

Avenging Dentist: Oct 1, 2005; oh my god is that a circular saw that does not go in my mouth aaaaagh

twodot posted:

If you've been doing C for long enough you start to write code with format string vulnerabilities in it?

Congrats, you don't know printf.

# ? May 4, 2009 16:31

No Safe Word: Feb 26, 2005

twodot posted:

If you've been doing C for long enough you start to write code with format string vulnerabilities in it?

Wait what?

# ? May 4, 2009 16:36

rjmccall: Sep 7, 2007; no worries friend; Fun Shoe

If print were actually printf, then print a would indeed have format-string vulnerabilities. But it isn't; the printf-like thing in that code is python's % operator, which is essentially sprintf.

EDIT: VV I think my reading is correct and twodot just doesn't understand the python code, but I will sharpen the idiot hat nonetheless.

rjmccall fucked around with this message at 18:31 on May 4, 2009

# ? May 4, 2009 18:23

Avenging Dentist: Oct 1, 2005; oh my god is that a circular saw that does not go in my mouth aaaaagh

rjmccall posted:

If print were actually printf, then print a would indeed have format-string vulnerabilities. But it isn't; the printf-like thing in that code is python's % operator, which is essentially sprintf.

I think he is trying to assert that, in C, printf("%s",s); has a format-string vulnerability. Which is false.

# ? May 4, 2009 18:25

necrobobsledder: Mar 21, 2005; Lay down your soul to the gods rock 'n roll; Nap Ghost

scanf("%s",f);printf(f); certainly has a format string vulnerability though. But in that context, no, none.

Unparagon posted:

pointer mishaps and SQL abuse

I am never downloading an app from the app store again.

# ? May 4, 2009 22:01

Volte: Oct 4, 2004; woosh woosh

The fact that you are printf'ing a string stored in a variable and not a literal means that the value could change in the future without even looking at or knowing about the existence of the printf in question. If it changes to a string which contains a %, it introduces undefined behaviour that could have easily been prevented. It even specifically states this in K&R (page 155).

On the other hand, there's no point in doing it in the python code since there's no vulnerability to start with.

# ? May 4, 2009 23:22

dancavallaro: Sep 10, 2006; My title sucks

necrobobsledder posted:

I am never downloading an app from the app store again.

OH GOD Unparagon's poorly named variables are going to magically corrupt all of your data and send your SSN to North Korea.

# ? May 5, 2009 04:05

twodot: Aug 7, 2005; You are objectively correct that this person is dumb and has said dumb things

Avenging Dentist posted:

I think he is trying to assert that, in C, printf("%s",s); has a format-string vulnerability. Which is false.

Sorry, I've been writing in C# for 6 months, and I'm apparently functionally retarded in C now.

# ? May 5, 2009 05:51

Presto: Nov 22, 2002; Keep calm and Harry on.

Just now found a classic:

code:

i = (++i) % j;

...in 5 places in the same file.

# ? May 8, 2009 23:34

Steve French: Sep 8, 2003

Presto posted:

Just now found a classic:
code:
i = (++i) % j;
...in 5 places in the same file.

Well hey, at least it isn't

code:

i = (i++) % j;

# ? May 9, 2009 01:15

ymgve: Jan 2, 2004; Offensive Clock

Volte posted:

The fact that you are printf'ing a string stored in a variable and not a literal means that the value could change in the future without even looking at or knowing about the existence of the printf in question. If it changes to a string which contains a %, it introduces undefined behaviour that could have easily been prevented. It even specifically states this in K&R (page 155).

On the other hand, there's no point in doing it in the python code since there's no vulnerability to start with.

But nobody did that. The only person that did was in the example above you. The Python code is 100% valid and safe, because the formatting part is a literal.

# ? May 9, 2009 02:47

Chuu: Sep 11, 2004; Grimey Drawer

Ran into this at work in a college's code. It took me a while to figure out what this was actually doing thanks to a very oddly overloaded operator(*) plus incredible terseness:

code:

for (++*i; **i; ++*i)
{
     ...
}

Chuu fucked around with this message at 11:04 on May 9, 2009

# ? May 9, 2009 10:54

Vanadium: Jan 8, 2005

ymgve posted:

But nobody did that. The only person that did was in the example above you. The Python code is 100% valid and safe, because the formatting part is a literal.

That was just an explanation how to possibly get it wrong in C, because defending against that is what the dude did in Python. The joke is not that the python guy did something unsafe, it is that he used formatting operations to protect against a danger that does not even come with Python's print function.

# ? May 9, 2009 13:07

Patashu: Jan 7, 2009

Chuu posted:

Ran into this at work in a college's code. It took me a while to figure out what this was actually doing thanks to a very oddly overloaded operator(*) plus incredible terseness:
code:
for (++*i; **i; ++*i)
{
     ...
}

What's going on here? What did he make his operators do?

# ? May 10, 2009 15:15

That Turkey Story: Mar 30, 2003

Steve French posted:

Well hey, at least it isn't
code:
i = (i++) % j;

Both statements have undefined behavior unless those are overloaded operators. Post or pre-increment doesn't matter, assuming C or C++, that is.

# ? May 10, 2009 17:36

pokeyman: Nov 26, 2006; That elephant ate my entire platoon.

That Turkey Story posted:

Both statements have undefined behavior unless those are overloaded operators. Post or pre-increment doesn't matter, assuming C or C++, that is.

I get why post/pre doesn't matter, but why is the overall behaviour undefined? To my (admittedly untrained) eyes, assuming i and j are numbers, that line increments i by one then ensures it didn't just grow larger than j, wrapping around to 0 if so. Did I get that wrong?

# ? May 10, 2009 20:03

Vanadium: Jan 8, 2005

It just is undefined, since both the assignment itself and the ++ modify i, which is illegal because there is no sequence point inbetween.

# ? May 10, 2009 20:25

rjmccall: Sep 7, 2007; no worries friend; Fun Shoe

pokeyman posted:

I get why post/pre doesn't matter, but why is the overall behaviour undefined? To my (admittedly untrained) eyes, assuming i and j are numbers, that line increments i by one then ensures it didn't just grow larger than j, wrapping around to 0 if so. Did I get that wrong?

With a few exceptions, the order of execution of side-effects within expressions is not specified in C/C++, so it is permitted for the increment to logically happen after the assignment. The major exceptions are the comma operator (left before right), the ternary operator (condition before chosen expression), and call-like operations (function and arguments (in any order) before call). (n.b. this list is not guaranteed to be exhaustive)

# ? May 10, 2009 20:30

Vanadium: Jan 8, 2005

no this is not "who knows what the value of i is going to be afterwards", this is literally undefined behaviour

you do not have to argue why it is because it just says in the standard not to do that poo poo

# ? May 10, 2009 20:32

j4cbo: Nov 1, 2004; huh?

Vanadium posted:

no this is not "who knows what the value of i is going to be afterwards", this is literally undefined behaviour

you do not have to argue why it is because it just says in the standard not to do that poo poo

oh poo poo guys demons just flew out of my nose what do i do

# ? May 10, 2009 20:38

rjmccall: Sep 7, 2007; no worries friend; Fun Shoe

I agree with you? But we can argue if you like, I am not picky. I just thought people might care why x = 7, ++x was well-defined and this wasn't.

# ? May 10, 2009 21:42

pokeyman: Nov 26, 2006; That elephant ate my entire platoon.

rjmccall posted:

With a few exceptions, the order of execution of side-effects within expressions is not specified in C/C++, so it is permitted for the increment to logically happen after the assignment. The major exceptions are the comma operator (left before right), the ternary operator (condition before chosen expression), and call-like operations (function and arguments (in any order) before call). (n.b. this list is not guaranteed to be exhaustive)

Thanks for the explanation.

Vanadium posted:

no this is not "who knows what the value of i is going to be afterwards", this is literally undefined behaviour

you do not have to argue why it is because it just says in the standard not to do that poo poo

Calm down champ, nobody's trying to stir up poo poo but you. "Literally undefined behaviour" and "not specified in C/C++" mean the same thing to me, and either way I got the point: the result of this expression is not defined, and thus a coding horror. I didn't know it was undefined in C/C++ so I didn't see why it was a horror. Following along? Great.

# ? May 11, 2009 00:03

Chuu: Sep 11, 2004; Grimey Drawer

Patashu posted:

What's going on here? What did he make his operators do?

i is a pointer to a custom iterator class. First operator is deference to get the actual iterator object. Second is to get the object the iterator is pointing to, which is NULL if it's out of range. ++ overloaded to increment the iterator's internal reference.

It's a pretty natural way to write the code if you know what's going on but it makes people who maintain your code want to stab you.

I am still a neophyte to C++ but seeing "++*x" is also a little offputting at first glance.

(I guess * isn't that oddly overloaded, but seriously, if you are going to write an iterator class, making it behave differently than STL iterators is a bad thing.)

Chuu fucked around with this message at 04:04 on May 11, 2009

# ? May 11, 2009 03:59

FSMC: Apr 27, 2003; I love to live this lie

necrobobsledder posted:

Unparagon posted:
pointer mishaps and SQL abuse

I am never downloading an app from the app store again.

I admit my pointer understanding is a bit limited, could you explain the pointer mishaps.(I didn't even know I was using pointers, except for maybe for the nsstring).

Also what about the sql abuse?

# ? May 11, 2009 10:14

Zombywuf: Mar 29, 2008

Chuu posted:

(I guess * isn't that oddly overloaded, but seriously, if you are going to write an iterator class, making it behave differently than STL iterators is a bad thing.)

If it's different to STL iterators then it is wrong. There are well defined behaviors people are going to expect if it looks like an iterator, if these are violated anything could happen.

This is almost as bad as overloading && to delete it's arguments.

# ? May 11, 2009 13:22

Seth Turtle: May 6, 2007; by Tiny Fistpump

Zombywuf posted:

This is almost as bad as overloading && to delete it's arguments.

Where do people come up with this insanity? Is it really that hard to code in a sane and understandable manner?

# ? May 11, 2009 13:56

FSMC: Apr 27, 2003; I love to live this lie

code:

-(void)visUpdate
{	
	int i=0;
		
int squareSel=[[myMap.basePosArray objectAtIndex:i]intValue]*myMap.mapSize+[[myMap.basePosArray objectAtIndex:i+1]intValue];
		
		[myMap.visibilityArray replaceObjectAtIndex: (squareSel) withObject:[NSNumber numberWithInt:1]];
[self visTexUpdateSquare:squareSel];
		
		
		int squareNear=squareSel-1;
		if([[myMap.basePosArray objectAtIndex:i+1]intValue]>0)
		{
			[myMap.visibilityArray replaceObjectAtIndex: (squareNear) withObject:[NSNumber numberWithInt:2]];
			[self visTexUpdateSquare:squareNear];
		}
		
		squareNear=squareSel+1;
		if([[myMap.basePosArray objectAtIndex:i+1]intValue]<myMap.mapSize-1)
		{
			[myMap.visibilityArray replaceObjectAtIndex: (squareNear) withObject:[NSNumber numberWithInt:2]];
			[self visTexUpdateSquare:squareNear];
		}
		squareNear=squareSel+myMap.mapSize;
		if([[myMap.basePosArray objectAtIndex:i]intValue]<myMap.mapSize-1)
		{
			[myMap.visibilityArray replaceObjectAtIndex: (squareNear) withObject:[NSNumber numberWithInt:2]];
			[self visTexUpdateSquare:squareNear];
			
			if([[myMap.basePosArray objectAtIndex:i+1]intValue]<myMap.mapSize-1)
			{
				[myMap.visibilityArray replaceObjectAtIndex: (squareNear+1) withObject:[NSNumber numberWithInt:2]];
				[self visTexUpdateSquare:squareNear+1];
			}
			if([[myMap.basePosArray objectAtIndex:i+1]intValue]>0)
			{
				[myMap.visibilityArray replaceObjectAtIndex: (squareNear-1) withObject:[NSNumber numberWithInt:2]];
				[self visTexUpdateSquare:squareNear-1];
			}
			
			
		}
		squareNear=squareSel-myMap.mapSize;
		if([[myMap.basePosArray objectAtIndex:i]intValue]>0)
		{
			[myMap.visibilityArray replaceObjectAtIndex: (squareNear) withObject:[NSNumber numberWithInt:2]];
			[self visTexUpdateSquare:squareNear];
			
			if([[myMap.basePosArray objectAtIndex:i+1]intValue]<myMap.mapSize-1)
			{
				[myMap.visibilityArray replaceObjectAtIndex: (squareNear+1) withObject:[NSNumber numberWithInt:2]];
				[self visTexUpdateSquare:squareNear+1];
			}
			if([[myMap.basePosArray objectAtIndex:i+1]intValue]>0)
			{
				[myMap.visibilityArray replaceObjectAtIndex: (squareNear-1) withObject:[NSNumber numberWithInt:2]];
				[self visTexUpdateSquare:squareNear-1];
			}
			
		}
		

	
	
}

# ? May 11, 2009 15:26

Triple Tech: Jul 28, 2006; So what, are you quitting to join Homo Explosion?

So, what's it trying to do? It's too verbose...

# ? May 11, 2009 15:33

Avenging Dentist: Oct 1, 2005; oh my god is that a circular saw that does not go in my mouth aaaaagh

Seth Turtle posted:

Where do people come up with this insanity? Is it really that hard to code in a sane and understandable manner?

Given that people make functions called doit or run in Java, yes.

# ? May 11, 2009 17:12

FSMC: Apr 27, 2003; I love to live this lie

Triple Tech posted:

So, what's it trying to do? It's too verbose...

1. There should be comments on what it actually does.

There is a map/grid, with an array with a single index. The function basically just finds all the squares next to a given square and performs a couple of functions on it.

It can be replaced with a couple of for loops and if statments.

# ? May 11, 2009 17:23

Adbot: ADBOT LOVES YOU

# ? May 14, 2024 16:13

Flobbster: Feb 17, 2005; "Cadet Kirk, after the way you cheated on the Kobayashi Maru test I oughta punch you in tha face!"

Unparagoned posted:

1. There should be comments on what it actually does.

There is a map/grid, with an array with a single index. The function basically just finds all the squares next to a given square and performs a couple of functions on it.

It can be replaced with a couple of for loops and if statments.

Not to mention the use of NSArray to store integers makes me want to scratch my eyes out, since it means you have to wrap them in NSNumbers and make everything even more verbose by boxing/unboxing them.

I refuse to actually look too closely at the code, but there's the potential for NSIndexSet to be a better fit here for a collection of integers.

# ? May 11, 2009 19:34

The Something Awful Forums > Discussion > Serious Hardware/Software Crap > The Cavern of COBOL > Coding Horrors: You can gather all your technical debt into one easy framework!

«‹›1503 »