Reply to post: Re: How is this possible?

Decade-old bug in Linux world's sudo can be abused by any logged-in user to gain root privileges

Robot W

Re: How is this possible?

I doubt that the mistake here was that the coder didn't know that they should be doing bounds checking.

The problem here is that:

(1) It is hard to always get it right every single time.

(2) It is hard for a reviewer to easily spot whether or not the coder got it right. [Noting that nobody had spotted this bug for 10 years in security critical code!]

(3) You only need to get it wrong once and you potentially have a severe security flaw.

Note: there is an assumption that having the language do the bounds checking makes it slower, but it doesn't. It just means that the compiler always puts in the bounds-checking code that the programmer should have been writing anyway, i.e. a decent compiler will spot that the coder has already checked the bounds and hence it doesn't need to do it a second time.

It is also a fallacy to think that it is only poorly trained or inexperienced programmers that get this wrong, or folks that aren't smart enough. Everyone gets these sorts of things wrong at some point; the only difference is how often they make the mistake, and whether they find and mitigate the bug before attackers do. Otherwise the penalty is the same in all cases: your code is no longer secure, all for an issue that compilers can trivially get right for the coder.
