Gashlycode Tinies

I’m following the Software Security course at Coursera.

In this course, they explain how an adversary can take advantage of code defects and how to defend against them. I’ve been looking for something like this for a long time.

At the end of one of the videos there is a kind of poetry I liked. But I didn’t find it on the Internet. So I’ve copied it here. It gathers all kinds of code defects we should avoid because an adversary can try to use them.

So here you are: “Gashlycode Tinies” by Andrew Myers, inspired by the “Gashlycrumb Tinies” (1963) by Edward Gorey

Gashlycode Tinies

  • A is for Amy whose malloc was one byte short
  • B is for Basil who used a quadratic sort
  • C is for Chick who checked floats for equality
  • D is for Desmond who double-freed memory
  • E is for Ed whose exceptions weren’t handled
  • F is for Franny whose stack pointers dangled
  • G is for Glenda whose reads and writes raced
  • H is for Hans who forgot the base case
  • I is for Ivan who did not initialize
  • J is for Jenny who did not know Least Surprise
  • K is for Kate whose inheritance depth might shock
  • L is for Larry who never released a lock
  • M is for Meg who used negatives as unsigned
  • N is for Ned with behavior left undefined
  • O is for Olive whose index was off by one
  • P is for Pat who ignored buffer overrun
  • Q is for Quentin whose numbers had overflows
  • R is for Rhoda whose code left the rep exposed
  • S is for Sam who skipped retesting after wait()
  • T is for Tom who lacked TCP_NODELAY
  • U is for Una whose functions were most verbose
  • V is for Vic who subtracted when floats were close
  • W is for Winnie who aliased arguments
  • X is for Xerxes who thought type casts made good sense
  • Y is for Yorick whose interface was too wide
  • Z is for Zack whose code nulls were often spied

Some words

There are a couple of them I do not catch :D So do not be surprised if you ask me and I cannot answer you.

Finally, I'll just say that I really recommend that course.