Zune: small programming errors that have big consequences
Microsoft has just shown the world what the consequences of a relatively small programming mistake can be. In this case, it’s a classic “off-by-one” error in the clock driver of the Zune mediaplayer:
year = ORIGINYEAR; /* = 1980 */
while (days > 365)
{
if (IsLeapYear(year))
{
if (days > 366)
{
days -= 366;
year += 1;
}
}
else
{
days -= 365;
year += 1;
}
}
The code above converts the internal “seconds since 1980” time to something more readable, but on the last day of a leap year the number of days will be exactly 366, and thus it will stay in the loop until 24 hours later. While this is not a security risk, it does show how easy it is to make these kinds of mistakes. This is a simple piece of code, and even then it took me a while to figure out what the problem was.
September 1st, 2009 at 12:59 pm
[…] Zune: small programming errors that have big consequences | Security and the Net securityandthe.net/2009/01/02/zune-small-programming-errors-that-have-big-consequences – view page – cached Microsoft has just shown the world what the consequences of a relatively small programming mistake can be. In this case, it's a classic off-by-one error in — From the page […]