Programming thread

Rusty Metal Skull Gun · Dec 29, 2024

ADHD Mate said:
C programmer will just not expect it, because it is a thing in Python.

Exactly, different languages have their own idioms.

The Stranger said:
I didn't say it would do nothing, I said it wasn't necessary. A handful of milliseconds isn't going to break the bank on a CLI tool for changing one filetype to another.

Suit yourself - but if you wrote it as a learning exercise, I would have thought that you'd also be interested in learning how to do it in a performant manner.
If you made it so that it operated on a buffer instead of a file, it'd work with mmap'd files and have other uses too (e.g. data received from a network socket).

${Sandy} · Dec 29, 2024

GhastlyGhost said:
I'll bite on this niggerlicious bait, https://learnopengl.com/ will teach you about the graphical end of a 3d game engine.

That would actually be pretty cool.

I was gonna start looking into C++ because I heard all the good roguelikes are made in C++

306h4Ge5eJUJ · Dec 29, 2024

${Sandy} said:
That would actually be pretty cool.

I was gonna start looking into C++ because I heard all the good roguelikes are made in C++

The language really has no bearing on the quality of a roguelike. It's not like they're a performance-hungry genre either.

${Sandy} · Dec 29, 2024

306h4Ge5eJUJ said:
The language really has no bearing on the quality of a roguelike. It's not like they're a performance-hungry genre either.

Yes. But I was already planning on learning C++ anyways.

Im still mostly focussing on webdev stuff but I also find trying to make things that interest me personally helps me learn alot even if I fail to make what I have in my head.

Holy fuck c++ seems like a pain in the ass but Im not sure if thats c++ or its because I'm fucking stupid.

I might just keep my efforts focussed on the languages I've already been working with. I think that would be more productive in the longterm.

analrapist · Dec 29, 2024

C++ is such a massive pain in the ass, I am persuaded that it is responsible for the plain C resurgence. But C++ is the oldschool theory of design. Speed, Power, Ease-Of-Use: pick two. OG C picked the first two. C++ also picked the first two, but the change in theory between the time of creation of the two led to the C++ template, which was such a buff to Power that Ease-Of-Use went out behind the shed and blew its own head off with a double barreled shotgun.

${Sandy} · Dec 29, 2024

analrapist said:
C++ is such a massive pain in the ass, I am persuaded that it is responsible for the plain C resurgence. But C++ is the oldschool theory of design. Speed, Power, Ease-Of-Use: pick two. OG C picked the first two. C++ also picked the first two, but the change in theory between the time of creation of the two led to the C++ template, which was such a buff to Power that Ease-Of-Use went out behind the shed and blew its head off with a double barreled shotgun.

I learned C# and I know that its higher level than c++, but its my understanding that it has lower level features that people can utilize so for the time being I cant honestly see why I shouldn't just focus on getting better at the languages I already know because C++ seems like its gonna take up alot of my time.

I can always come back to it later when I have a good reason to. But my first impression is that C++ is something that is gonna really take some time to learn.

779777 · Dec 29, 2024

${Sandy} said:
I learned C# and I know that its higher level than c++, but its my understanding that it has lower level features that people can utilize so for the time being I cant honestly see why I shouldn't just focus on getting better at the languages I already know because C++ seems like its gonna take up alot of my time.

I can always come back to it later when I have a good reason to. But my first impression is that C++ is something that is gonna really take some time to learn.

Just learn C bish, easy to learn hard to master. Most C++ features are worthless

Uncle Ted's Cabin · Dec 29, 2024

${Sandy} said:
I might just keep my efforts focussed on the languages I've already been working with. I think that would be more productive in the longterm.

Yeah, this is the way to go I would say. I don't think there's much point in learning C++ in 2024 unless you already have a job where it's needed or you just really like it for some reason.

${Sandy} · Dec 29, 2024

779777 said:
Just learn C bish, easy to learn hard to master. Most C++ features are worthless

I intend to learn all of them eventually. Its more tools in your belt.

ADHD Mate · Dec 29, 2024

${Sandy} said:
I can always come back to it later when I have a good reason to. But my first impression is that C++ is something that is gonna really take some time to learn.

Learn C first. Then RAII, move semantics and const correctness. In mean time you can learn some of C++ containers, iterators and algorithms.
The last thing you want to learn is templates and constexpr/consteval shenanigans.

Some people would say that you should focus on learning "modern C++" first and religiously follow it.
I however disagree with them. It's true when you work in massive code bases that modern C++ is pretty nice.
But C++ is not modern language, and will never be. C++ is just piles of features atop of C. And you will for sure encounter some stupid shit that makes only sense if you see C++ as such.
If you truly want modern Language, Rust is probably the choice.

Also, complexity has to be managed somewhere. C programmers will cry about templates but then will have no issue with creating the most horrendous macros, abusing void* and copy pasting code.

Concentrate Juice · Dec 29, 2024

The Stranger said:
who wants to ~~rate~~ fuzz my json to xml converter?

Sure

The call to key in string allocates memory, but does not free it.

C:

char *string_out = malloc(string_len+1);
int char_pos = 0;
while ((key_char = fgetc(input)) != '"') {
    if (key_char == '\\') {
        fseek(input, 1, SEEK_CUR); //increment pointer to ignore whatever is after the escape sequence
        continue;
    }
    string_out[char_pos] = (char)key_char;
    char_pos++;
}

will overflow the heap via the string_out pointer using the following malformed json input

JSON:

{"sneed":420, "nigger:}

You need to check that char_pos does not index into string_out beyond what is allocated by malloc(string_len+1), and if it does you print an error and exit the program.

Code:

=================================================================
==49333==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000036 at pc 0x555555633899 bp 0x7fffffffe820 sp 0x7fffffffe818
WRITE of size 1 at 0x602000000036 thread T0
    #0 0x555555633898 in key /home/anon/kf_json2xml/original.c:149:30
    #1 0x555555633578 in element /home/anon/kf_json2xml/original.c:88:22
    #2 0x555555633202 in main /home/anon/kf_json2xml/original.c:67:17
    #3 0x7ffff7d03249 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #4 0x7ffff7d03304 in __libc_start_main csu/../csu/libc-start.c:360:3
    #5 0x555555575350 in _start (/home/anon/kf_json2xml/a.out+0x21350) (BuildId: cfa88b3bc25ee2abc1b3653aa96134655e551619)

0x602000000036 is located 0 bytes to the right of 6-byte region [0x602000000030,0x602000000036)
allocated by thread T0 here:
    #0 0x5555555f819e in __interceptor_malloc (/home/anon/kf_json2xml/a.out+0xa419e) (BuildId: cfa88b3bc25ee2abc1b3653aa96134655e551619)
    #1 0x555555633810 in key /home/anon/kf_json2xml/original.c:142:24
    #2 0x555555633578 in element /home/anon/kf_json2xml/original.c:88:22
    #3 0x555555633202 in main /home/anon/kf_json2xml/original.c:67:17
    #4 0x7ffff7d03249 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/anon/kf_json2xml/original.c:149:30 in key
Shadow bytes around the buggy address:
  0x0c047fff7fb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c047fff8000: fa fa fd fa fa fa[06]fa fa fa fa fa fa fa fa fa
  0x0c047fff8010: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8020: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==49333==ABORTING

The Stranger · Dec 29, 2024

Concentrate Juice said:
will overflow the heap via the string_out pointer using the following malformed json input

Will it do the same with valid json? I had decided that validating the json was beyond the scope of my project and that crap in = crap out

y a t s · Dec 29, 2024

The Stranger said:
Will it do the same with valid json? I had decided that validating the json was beyond the scope of my project and that crap in = crap out

Maybe, depending on if other bugs are present that lead to a bad state.

The problem is that the while loop keeps going until a double quote is found. When determining string length for the key in the loop above it, you don't check for the presence of both quotes, and it appears to work backwards, so it will determine string length from the end up to the opening quote despite the closing one being missing. Then the loop with the malloc will work forwards, looking for a closing quote that doesn't exist. So it will continue incrementing char_pos indefinitely and trying to use it to index string_out.

If you don't perform any validation whatsoever (e.g. checking for both quotes explicitly), then some hypothetical bug could lead you to read from the wrong place in the file, leading to all sorts of boundary violations like this.

The Stranger · Dec 29, 2024

y a t s said:
Maybe, depending on if other bugs are present that lead to a bad state.

I'd be interested in seeing how it ends up in a bad state if given valid json. I tested it on json taken from several large sites and the xml validated, though I never read through the xml to see if whitespace in strings was deleted like a previous poster mentioned :oops:

y a t s · Dec 29, 2024

The Stranger said:
I'd be interested in seeing how it ends up in a bad state if given valid json. I tested it on json taken from several large sites and the xml validated, though I never read through the xml to see if whitespace in strings was deleted like a previous poster mentioned

In standard JSON, whitespace outside of string literals is ignored. Blindly seeking the way you do works well if you test on stuff using sensible formatting. The thing is, there are plenty of people with no sense whatsoever, and they do all sorts of unpredictable shit. When the spec is forgiving, you're forced to be 10x more forgiving.

The Stranger · Dec 29, 2024

y a t s said:
In standard JSON, whitespace outside of string literals is ignored. Blindly seeking the way you do works well if you test on stuff using sensible formatting. The thing is, there are plenty of people with no sense whatsoever, and they do all sorts of unpredictable shit. When the spec is forgiving, you're forced to be 10x more forgiving.

wdym by sensible formatting? are you referring to how they use whitespace or?

Netizennameless · Dec 29, 2024

${Sandy} said:
Anyone who has a full time coding, whats something that you would look for on a portfolio? I have a game in the works but obviously I should also make some stuff that has more practical applications. Like if I make something specific that if Im able to do it, shows to any potential employers and clients that I do infact know how to write code (c# and javascript) and I didn't just bullshit my way through some online quiz.

Create a personal github specifically to show to employers. In that github write a sample REST API that demonstrates your ability to write a clean controller, a service layer for business logic, and a repository or database layer to persist the data. Make it very simple like a note tracker. Show that you can work with an ORM (like Entity Framework, NHibernate or Dapper in that order) and write unit tests for the simple service layer. It can be as simple as a sticky note tracker and write a sample front-end for it in whatever JS framework you want (probably React, VUE or Angular imo. show a grid of "notes" as separate cards, for instance. Show that you can properly create, edit, view and delete notes in the UI.)

This will help prospective employers get a feel for your knowledge level and coding style. Demonstrate that you understand concepts like dependency injection and working with DTOs. You can also slowly refine it over time as you learn new things.

If any of these concepts don't sound familiar, those are good avenues to look into learning about.

y a t s · Dec 30, 2024

The Stranger said:
wdym by sensible formatting? are you referring to how they use whitespace or?

The point is that everyone's definition of "sensible" varies. Some people (read: lunatics) do shit like this:

JavaScript:

"key" : value,

and it's perfectly permissible, according to the spec.

If you assume your way is the only valid way of doing things, especially when the spec says otherwise, it's only a matter of time until some lunatic breaks your program with his faggy whitespaces and the like.

The Stranger · Dec 30, 2024

y a t s said:
The point is that everyone's definition of "sensible" varies. Some people (read: lunatics) do shit like this:

JavaScript:

"key" : value,

and it's perfectly permissible, according to the spec.

If you assume your way is the only valid way of doing things, especially when the spec says otherwise, it's only a matter of time until some lunatic breaks your program with his faggy whitespaces and the like.

Right, but theoretically none of that matters since it's all filtered out

y a t s · Dec 30, 2024

The Stranger said:
Right, but theoretically none of that matters since it's all filtered out

Okay, so suppose your whitespace filtering fucks up somehow; I notice you write to temp.json in the same directory (theoretically attacker-controllable), which means running the parser in parallel will cause massive problems. That right there is an example that uses valid JSON and gets broken results.

The broader point here is the dangers of assuming your inputs are well-formed. Why be autistic to the point of arguing against simple sanity checks?

Edit: I won the race pretty easily

Programming thread

Rusty Metal Skull Gun

i vill not move out of ze vay

${Sandy}

return this.niggerToAfrica;

306h4Ge5eJUJ

Schwachkopf Professional

${Sandy}

return this.niggerToAfrica;

analrapist

analyst/therapist

${Sandy}

return this.niggerToAfrica;

779777

Uncle Ted's Cabin

kill count: 3 ☑ verified by snopes.com

${Sandy}

return this.niggerToAfrica;

ADHD Mate

Concentrate Juice

Rust shill

The Stranger

it's the perfect night for the world to die

y a t s

MATI scientist

The Stranger

it's the perfect night for the world to die

y a t s

MATI scientist

The Stranger

it's the perfect night for the world to die

Netizennameless

y a t s

MATI scientist

The Stranger

it's the perfect night for the world to die

y a t s

MATI scientist