4.4 Lessons Learned
As a programmer:
Don’t mix different data types.
Learn about the hidden transformations done automatically by the compiler. These implicit conversions are subtle and cause a lot of security bugs[43] (also see Section A.3).
Get a solid grasp of C’s type conversions.
Not all NULL pointer dereferences in user space are simple denial-of-service conditions. Some of them are really bad vulnerabilities that can lead to arbitrary code execution.
Full RELRO helps to mitigate the GOT overwrite exploitation technique.
As a user of media players:
Never trust media file extensions (see Section 2.5).
Get A Bug Hunter's Diary now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.