Well if it can't find the function it might stop the whole script from working (that usually happens to me when I forget a ; or a ) somewhere)

But doing window.nameOfFunction() usually works... or unsafeWindow..

I could be getting it wrong though.


These two pages may help too:
http://wiki.greasespot.net/index.php?title=Content_Script_Injection&oldid=6260
http://wiki.greasespot.net/Content_Script_Injection
Which are about Script injection, the first is the method I use and the second seems to have been recently implemented or something because it's replaced the first page and I haven't seen it before...

Here is the issue: "running code properly" means that the code has the same observable properties, provided there is no undefined behavior. The memset() call can be optimized out because it has no observable effects (again, ignoring undefined behavior).

Unfortunately, if buggy code happens to read data past the end of an array, the result is undefined, meaning it could (in theory) do anything. This is the problem here; we want the buffer to be zeroed out so that it isn't there to be disclosed as a result of undefined behavior.

Heartbleed is one example of what I am thinking of here. You have code that is something like the following:

scanf("%d", &len);
buff = malloc(len);
fread(buff, 1, len, stdin);
fwrite(buff, 1, len, stdout);
free(buff);

If len is less than the size of the buffer, only part of the buffer is overwritten by fread(), and the rest is unchanged. fwrite(), then, writes the entire buffer, including the part that was not overwritten, which could contain sensitive data that wasn't cleared earlier. (In particular, note that the behavior here is technically undefined, so the compiler is allowed to have it do literally anything.)

(By the way, this code can be fixed; store the return value of fread() into a variable and pass it instead of len to fwrite. Unfortunately, it is easy to forget to do so, leading to a bug that can be exploited, so you shouldn't assume that programmers will get this correct all the time.)

When doing quick tests of this sort of thing, make sure to compile with optimization (-O2 in gcc/clang) and that you check the assembly language output so you know what code is actually being generated.

Out of curiosity, has anybody done anything with OpenCL? I am interested in learning it.

(One field I am interested in is scientific computation. Of course, game development is another serious area of interest for me.)

Today I came across the weirdest use of a FOR statement I've ever seen, so I thought I'd share. It's a C# method which converts a stream to a byte array:

public static byte[] ToByteArray(this Stream stream)
{
stream.Position = 0;
byte[] buffer = new byte[stream.Length];
for (int totalBytesCopied = 0; totalBytesCopied < stream.Length; )
totalBytesCopied += stream.Read(buffer, totalBytesCopied, Convert.ToInt32(stream.Length) - totalBytesCopied);
return buffer;
}

Can anyone explain to me why he chooses to employ a FOR "loop" here?

don't really know much about C# and it's standard classes (ie what exactly behind the Stream class) ...

but drawing an analogy to the standard read() system call:
the read call only attempts to read the number of bytes given as an argument. It can actually return fewer bytes, for example when read() is interrupted by a signal or when reading from a pipe/terminal.

putting it into a loop like that ensures that you really read the entire stream.
Not sure though if that behaviour is the same in C#.

( coming from C I notice a disturbing lack of error handling, but a assume exceptions are used for that in C# ... )

My guess would be that it's not the posts as such that have been low rated (although technically they have of course), it's you personally. Should I venture a guess as to why, I'd say it's probably because of your clashes with other forum users in other threads. It looks like you're likely being systematically targeted by one of the automatic de-rep scripts that seem to be all the rage on this forum these days.

Coming from C I find the line "return buffer" to be rather suspicious.

In C, you can't do this and expect it to work:

char *func(void)
{
char buffer[256];
/* Put stuff in the buffer */
return buffer;
}

If you try, the code will compile without issue (though a good compiler would print a warning message), but if you run it and attempt to access the returned buffer, you may get strange results. Thing is, buffer is allocated on the stack, and once the function returns, the stack frame no longer exists, so the returned value is a dangling pointer.

Incidentally, if you try doing this sort of thing in safe Rust, either this will work fine, or the compiler will complain with an error message to the effect of "buffer does not live long enough".

I assume that this is not an issue in C# because of garbage collection and the fact that the buffer is allocated on the heap.

look closer :p

the memory for "buffer" is allocated via new. it is not occupying stack memory, but heap memory. Returning it would be totally fine in C/C++.
the C equivalent would be:

char *buffer = malloc( num_bytes );

Hmm, you may have a point. In the context where I usually need such functionality I am certain that the stream is complete, but that is not necessarily the case in every scenario. Given that, I suppose it is actually a somewhat elegant solution.
Yes, they are.
I have dabbled a bit, but I don't think I can be of much assistance. I used a framework called Cudafy.NET (which supports both Cuda and OpenCL), and all I really did was to modify one of the included examples to draw the Mandelbrot set in color (as opposed to the 1-bit Julia fractal it used to draw). It worked like a charm though, and I plan to look into it further at a later date.

But now we have a memory leak, unless the programmer remembers to put a call to free() after each call to the function.

(Putting free() inside the function won't work for a reason that should be obvious.)

I just wanted to stop by and say "Thanks!" Things have moved like crazy.

I'm no expert at javascript, but I'm learning tons every day and blowing away my whole corporation.

My script went from simply printing a table to now a whole bunch of full automation and optimizing work-flows. Closing 80% of our work orders went from 11 clicks and 3 keystrokes (best case scenario) to 4 clicks and 1 keystroke. I'm estimating a time savings of roughly 50%, but it could be more. And that's for almost 200 sites, roughly 500 employees, 20-40 work orders per day. I also removed one lengthy reload that occurs in roughly 20% or so of work orders. Overall, my calculations show I'm saving roughly 5.2 days of work throughout the company per day.

I also changed the default program from having a massive amount of white space and having tiny characters to a full ability to zoom and the whitespace is automatically filled up with more data (scanning through 300 work orders 7 at a time was a pain. Now we can see, depending on the screen size and text size double to quadruple that number).

I have a handful of beta testers that so far have found no bugs.

I just got my extension onto the Chrome store yesterday (private) for the final stretch of beta and hopefully release it in a week or two.

It's been very awesome. :)

Anyway, thank you for getting me pointed in the right direction! It was a lot of learning, but the results have been awesome.

Oh, one last thing. The company that sold us the software eluded to the fact that they built the software in America by people in our same position. "For us, by us" was their slogan. But after snooping through their code, it was all outsourced to India. No wonder they couldn't implement all of the simple changes we had requested. Ha!

That's fantastic, it sounds like you've really been able to make a difference. I hope your employer recognises and appreciates the work you've put in as you've probably saved them a lot of time and money.

Really glad I was able to help and get you started.

That last but doesn't surprise me at all either, it's so often the case...

Hi everyone!
As I am new to this thread - some inrodutcion:
I am a software developer from Ukraine (and a geek of course). At work I'm mostly were usinc C and C++, and some Pascal in the past. Had experience with PC, Atmel and a some Anglog Devices microcontrollers. And for hobbies I have developed some code in many languages I don't actually know XD

So, I have a question, maybe you can give me some advice. Recently I'm updated to Windows 10 (because free update period is running out). I think it's terrible, but that's not what I wanted to ask about, just a side note. So, after upgrading this bloody thing has removed my software firewall. I were using free version of Agnitum Outpost, but it's not supported anymore, so no chance they would came up with an update allowing to install it on Win10. Then I tried to install Comodo, but windows blocked installation before it start (maybe because I have Win 10 home, some people told me that they successfully installed it on Win 10 pro). So, now I'm looking for a new firewall, so if you are using software firewall and windows 10 - I would be thankful for an advice. Of course I prefer free version, because I'm short on money.

I am thinking of writing a simple computer game in Rust. I think doing so would help me learn the language and would make me get an idea of what the language is (and isn't) good at in its current form.

Also, please stop downrepping my posts in this topic. It's getting *really* annoying; I feel like I'm being punished for trying to participate in the discussion.