23 Feb
2009
23 Feb
'09
11:21 p.m.
<http://blog.fortify.com/blog/fortify/2009/02/20/SHA-3 -Round-1> The other issues we found were memory leaks and null dereferences from memory allocation. This just emphasizes what we already knew about C, even the most careful, security conscious developer messes up memory management.
1. Most of the submissions did not mess up memory management. 2. A lot of my code has been subjected to code review before run time testing and never has anyone found a memory management bug in my C code, despite heavy use of functions such as snprintf, memmove, and strncpy.