Developers like to use booleans as flags. They're a convenient way to indicate something as on/off, true/false, yes/no. But the problem is that, from the calling code, it is not at all clear what a boolean flag actually does. For example: Does anyone in the calling scope have any idea what the defining scope is doing? Absolutely not. The flag
A few months ago, I stumbled upon a 24-year-old buffer overflow in glibc, the base library for Linux programs. Despite being reachable in multiple well-known libraries or executables, it proved rarely exploitable — while it didn't provide much leeway, it required hard-to-achieve preconditions. Looking for targets led...