Andre's Blog
Perfection is when there is nothing left to take away
Break, break, dammit!

A couple of days ago a developer asked me why their Visual Studio 2005 debugger no longer breaks when a C++ exception is thrown, even though C++ exceptions were not suppressed in the exception configuration and the debugger was attached to an IIS worker process to debug native code.

Thinking that something might be wrong with how C++ exceptions were handled, I stuck a statement dereferencing a NULL pointer into the code:

*(char*) 0 = 0;
Microsoft: More steam, more noise - let the world think we are moving!

Microsoft declared standard memory manipulation functions, such as memcpy, not secure and deprecated. The motivation behind this is that modern developers are not smart or careful enough to ensure that the destination buffer has sufficient room, which results in buffer overruns: