Finding Time Bombs with Google Code Search
Well, I thought a search for “retrun” would return lots of rarely called functions just waiting to be called and crash. But instead all of the misspellings appear to be in the comments only. Perhaps all languages have a way to catch this.
Can you think of other, more treacherous typos that could slip into code? Or, in general, can any bugs be found using only Google Code Search?
—
BTW, somewhat related to searching for typos, I always get a laugh searching for people who think newbie is spelled “new bee”. My guess is that they overheard the term somewhere and somehow thought it was related to bees?






January 4th, 2007 at 12:22 pm
The lack of “retrun” results doesn’t surprise me as it’s a keyword misspelling. Most languages will see it as an undefined variable or a syntax error, I’d imagine (the same as typing i 3 or some such nonsense on a random line). Time bombs in my experience are mostly logic related, which is quite difficult to express in a regex.
January 4th, 2007 at 7:11 pm
For that matter, the popularity of keyword-highlighting editors helps a great deal. Google for google codesearch security hole and you’ll find the burst of postings from back when it came out, and how many logic errors (like memset with a 0 count instead of a 0 fill value) you *can* easily find with regexp searches…
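The memset mistake named in the comment above can be checked for in a source tree you maintain. The following Python scanner is an added example, not part of the original post or its comments; the sample C source, the function names and the regexes are constructed for illustration.

```python
import re

# memset(dst, value, count); with no top-level commas inside an argument.
MEMSET_CALL = re.compile(
    r"\bmemset\s*\(\s*([^,;]+?)\s*,\s*([^,;]+?)\s*,\s*([^,;]+?)\s*\)\s*;")
# A literal zero: 0, 0u, 0UL, 0x0 ...
ZERO = re.compile(r"^(?:0[xX]0+|0)[uUlL]*$")

def strip_comments(src):
    """Blank out C comments but keep newlines so line numbers stay correct.
    Limitation: comment markers inside string literals are not recognised."""
    def blank(m):
        return re.sub(r"[^\n]", " ", m.group(0))
    return re.sub(r"/\*.*?\*/|//[^\n]*", blank, src, flags=re.S)

def find_zero_count_memset(src):
    """Return (line_number, call_text) for each memset with a literal 0 count."""
    code = strip_comments(src)
    hits = []
    for m in MEMSET_CALL.finditer(code):
        count = m.group(3)
        if ZERO.match(count):
            line = code.count("\n", 0, m.start()) + 1
            hits.append((line, m.group(0)))
    return hits

# Constructed sample input: two swapped calls, two correct ones, one in a comment.
SAMPLE_C = """\
#include <string.h>
void init(struct ctx *c, char *key, size_t n) {
    char buf[64];
    memset(buf, 0, sizeof(buf));        /* correct */
    memset(key, n, 0);                  /* swapped: clears nothing */
    // memset(buf, 1, 0); commented out, must not be reported
    memset(c, sizeof(*c), 0);
    memset(&c->iv, 0,
           sizeof(c->iv));
}
"""

if __name__ == "__main__":
    for line, call in find_zero_count_memset(SAMPLE_C):
        print(f"line {line}: zero-length memset: {call}")
```

A zero-length memset compiles cleanly and does nothing, so a buffer meant to be cleared keeps its old contents. That is why a text search catches it when the compiler may not.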
January 4th, 2007 at 7:24 pm
You guys have a good point. It would be hard to write “retrun” and have it stay in your code after compiling/running.
Here’s a good write-up of Google code search security holes.