Recently we ported our software to a more recent version of Visual Studio and the Oracle Client. The last application we delivered to test had some problems. Initially the work for this application was assigned to another developer. But when there were problems it somehow got reassigned to me. So I stepped up and took ownership of the problem. I was easily able to replicate the problem. However the code worked fine in debug mode. So I reverted back to the most basic of debugging techniques I know. I added print statements all over the code to locate where the application was bombing.
At first I found that all of the database calls from one of the modules were failing. Upon closer inspection of the project properties, I found that the release version of the module was still connected to the old version of the Oracle client. So I updated the project to use Oracle 10g. This got me a little further. But it did not completely resolve the problem. A bunch of print statements later, I discovered the problem was located within a C function called “trim”.
An educated guess made me believe the “trim” function did something like removing trailing white space or something. A quick scan of its source code made me feel a bit ill. There were absolutely no comments. That’s normally OK as I can read code as good as the next guy. But it seemed as though the function was obfuscated, either by design or by poor programming skills. There were lots of variables defined and used in the function that had really cryptic names. Some examples of the variables are tmp, tmp2, str, wk, and ln. There was also a bevy of if statements nested within each other that added to the confusion. The only thing that I knew for sure was that this function certainly was not just stripped the blanks off the end of a string.
Once again I relied on the good old print style of debugging. I found that the application was trying to write to some memory that was supposed to be protected. Unfortunately the compiler did not catch this. And somehow it worked fine in the debug version. So I fixed the problem. Then I did my duty and added some comments in front of the function describing what the heck the thing did. Now I did not go as far as renaming the variables. But I added a bunch of comments each time the variables were used to give a maintenance developer a chance of understanding what was going on. Now we just need to make sure we don’t write any more cryptic functions like this one.
Backtrack Linux - Backtrack is a Linux distribution based off Ubuntu. It is used for penetration testing and forensics. The distro was a combination of WHAX and Auditor. It...