Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-3686 PUBLISHED: 2021-01-21
Possible memory out of bound issue during music playback when an incorrect bit stream content is copied into array without checking the length of array in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobi...
CVE-2020-3687 PUBLISHED: 2021-01-21
Local privilege escalation in admin services in Windows environment can occur due to an arbitrary read issue in XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
CVE-2020-3691 PUBLISHED: 2021-01-21
Possible out of bound memory access in audio due to integer underflow while processing modified contents in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon We...
CVE-2020-11167 PUBLISHED: 2021-01-21
Memory corruption while calculating L2CAP packet length in reassembly logic when remote sends more data than expected in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Weara...
CVE-2020-11179 PUBLISHED: 2021-01-21
Arbitrary read and write to kernel addresses by temporarily overwriting ring buffer pointer and creating a race condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon ...
User Rank: Strategist
8/15/2014 | 1:21:01 PM
There are several things that would have found a double 'goto', had they been used:
First, as simple as turning on all of the compiler warnings, and then allowing no warnings in code:
GCC:
# -Wunreachable-code
# Warn if the compiler detects that code will never be executed. [Seems to give bogus results]
# -Werror : Make all warnings into errors.
Follow a programming standard such as MISRA that is commonly used in the embedded space:
MISRA rule 14.1 does not permit unreachable code, as the second 'goto' would be unreachable:
http://www.misra.org.uk/
"Unreachable code:
Code is unreachable if the syntax does not permit the code to be accessed.
Infeasible code:
Code is infeasible code if the syntax allows it to be accessed but the semantics ensure that it cannot be reached whatever input data is provided.
Dead code:
Code is dead if it is reachable and feasible, but has no effect on the outputs."
Then there are any number of tools that can be used for static analysis, such as Gimpel Software's Lint among others:
MSG#527 Unreachable code at token Symbol -- A portion of the program cannot be reached.
The problem is that many programmers find doing things correctly "cramps their style".
What will really cramp their style is when software developers will be required to have a license by the state. If we don't clean up our own act, someone else will do it for us, and no one is going to like it!
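An added example, not part of the comment above and not taken from any vendor's code: a constructed C function with a duplicated 'goto' beside its fixed form, showing how the duplicate makes the following check unreachable while the function still reports success. The function names and sample messages are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for real verification steps (hypothetical names). */
static int check_header(const char *msg)    { return msg[0] == 'H' ? 0 : -1; }
static int check_signature(const char *msg) { return strstr(msg, ":sig-ok") ? 0 : -1; }

/* Buggy: the duplicated goto is not governed by the `if`, so it always runs
 * with err == 0 and the signature check below it can never execute. */
int verify_buggy(const char *msg)
{
    int err;

    if ((err = check_header(msg)) != 0)
        goto fail;
        goto fail;                          /* duplicated line */
    if ((err = check_signature(msg)) != 0)  /* unreachable code */
        goto fail;
fail:
    return err;                             /* 0 means "verified" */
}

/* Fixed: duplicate removed; braces make each branch's scope explicit. */
int verify_fixed(const char *msg)
{
    int err;

    if ((err = check_header(msg)) != 0) {
        goto fail;
    }
    if ((err = check_signature(msg)) != 0) {
        goto fail;
    }
fail:
    return err;
}

int main(void)
{
    const char *forged = "H:payload:sig-BAD";  /* constructed sample input */
    const char *valid  = "H:payload:sig-ok";   /* constructed sample input */

    printf("forged: buggy=%d fixed=%d\n", verify_buggy(forged), verify_fixed(forged));
    printf("valid:  buggy=%d fixed=%d\n", verify_buggy(valid), verify_fixed(valid));
    return 0;
}
```

Building this with Clang and `-Wunreachable-code -Werror` turns the unreachable signature check in verify_buggy into a build failure; GCC 6 and later flag the duplicated line through `-Wmisleading-indentation`, which is part of `-Wall`.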