On Sun, May 17, 2009 at 05:40:44PM +0300, Elad Efrat wrote: [...] > > 3. When (publicly, even) told about an obvious bug, you still go > > ahead and commit it. > > False, the bug you're referring to wasn't the one that was fixed, see > the commit diff: > > > http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/net/if_bridge.c.diff?r1=1.68&r2=1.69&f=h Yes, it's much different; instead of dereferencing crap because of an invalid value of ifd_cmd, you were dereferencing NULL beacause of an invalid value of ifd_cmd. What's really worse, though, is that gcc *told* you about bc being used uninitialised, which I guess is why you added the XXXGCC comment at the initialisation of bc. So, really, Elad, reconsider the way you do security development. -- Quentin Garnier - cube%cubidou.net@localhost - cube%NetBSD.org@localhost "See the look on my face from staying too long in one place [...] every time the morning breaks I know I'm closer to falling" KT Tunstall, Saving My Face, Drastic Fantastic, 2007.
Attachment:
pgpxY3f49qPvt.pgp
Description: PGP signature