From: Thomas S. <ste...@gm...> - 2005-05-19 15:21:51
On 5/19/05, Julian Seward <js...@ac...> wrote:
> Are you sure? If the checksum concludes incorrectly that the new code
> is the same as the old code, then we are hosed :-) [i think]

Yes, that seems to be the case.

> So in fact I'd really prefer a 64-bit checksum if possible.

Actually, I think using a checksum at all is a bad idea. In the best case you leave a small chance of "bad things happening", with 64-bit the chance is just smaller than with a 32-bit checksum. But I think that valgrind should be always correct, not just most of the time :-)

And there is the question of exploits. If there is a deterministic case where valgrind makes a mistake, someone might decide to write a webpage that uses the exploit to take over your computer. Ok, that is highly unlikely, but not impossible.

Since the trampolines are usually small, what about just doing a memcmp() with the original code?

Thomas
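
Added example, not part of the original message and not Valgrind code: a sketch of the two staleness checks discussed above, run against a constructed pair of code buffers that differ but share a checksum. The struct, the function names, and the word-sum checksum are hypothetical stand-ins chosen so the collision is easy to verify by hand.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical cache entry: the translated code remembered two ways. */
typedef struct {
    uint8_t  orig[32];  /* full copy of the original bytes, for memcmp() */
    size_t   len;
    uint32_t sum;       /* stand-in checksum of those bytes */
} cached_code;

/* Stand-in checksum (an assumption): sum of little-endian 32-bit words,
 * plus any trailing bytes. Reordering whole words leaves it unchanged. */
static uint32_t word_sum(const uint8_t *p, size_t len) {
    uint32_t s = 0;
    size_t i = 0;
    for (; i + 4 <= len; i += 4)
        s += (uint32_t)p[i] | ((uint32_t)p[i + 1] << 8) |
             ((uint32_t)p[i + 2] << 16) | ((uint32_t)p[i + 3] << 24);
    for (; i < len; i++)
        s += p[i];
    return s;
}

static int cache_store(cached_code *c, const uint8_t *code, size_t len) {
    if (len > sizeof c->orig) return -1;  /* only small blocks are copied */
    memcpy(c->orig, code, len);
    c->len = len;
    c->sum = word_sum(code, len);
    return 0;
}

/* Both checks return 1 when the code is judged unchanged. */
static int unchanged_by_checksum(const cached_code *c, const uint8_t *now, size_t len) {
    return len == c->len && word_sum(now, len) == c->sum;
}
static int unchanged_by_memcmp(const cached_code *c, const uint8_t *now, size_t len) {
    return len == c->len && memcmp(c->orig, now, len) == 0;
}

/* Constructed sample bytes (not real instructions): v2 is v1 with its
 * two 32-bit words swapped, so the contents differ but the sums match. */
static const uint8_t code_v1[8] = {0x11,0x22,0x33,0x44, 0xaa,0xbb,0xcc,0xdd};
static const uint8_t code_v2[8] = {0xaa,0xbb,0xcc,0xdd, 0x11,0x22,0x33,0x44};

int main(void) {
    cached_code c;
    if (cache_store(&c, code_v1, sizeof code_v1) != 0) return 1;
    printf("checksum: unchanged=%d\n", unchanged_by_checksum(&c, code_v2, sizeof code_v2));
    printf("memcmp:   unchanged=%d\n", unchanged_by_memcmp(&c, code_v2, sizeof code_v2));
    return 0;
}
```

The memcmp() check costs a stored copy of the original bytes per entry, which is why it fits the small-block case the message describes.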