problems/risks due to programming language, stories requested

[Gerald Baumgartner <gb@purdue.edu>]

For a research project I am collecting information about the risk of
choosing the wrong programming language. In particular I am looking
for problems that could have been avoided if another (a better)
programming language would have been used.

I know of these three such stories:

     1.	There is the famous story that a Mariner probe got lost
	because of the Fortran statement `DO 3 I = 1.3' (1.3 instead
	of 1,3) (see Peter Neumann: A Few Old War Stories Reappear.
	ACM SIGSOFT 11(5), Oct. 1986, pp. 16-18). It is a nice story
	but, as far as I know, NASA used Jovial at that time and not
	Fortran.

     2. One of the security holes the Internet Worm took advantage of
	was in fingerd (the finger deamon). The deamon uses the gets
	routine for input. This routine, written in C, reads input
	without checking for bounds on the buffer involved. By
	overrunning the buffer, the worm rewrote the stack frame (see
	Eugene H. Spafford: Crisis and Aftermath. Communications of
	the ACM 32(6), June 1989).

	There would be no security hole in the finger daemon if a
	programming language would have been used for the I/O
	routines, where the compiler takes care of boundary checks for
	arrays. Pascal doesn't work since variable length strings are
	needed, but Ada would be fine. A language a la ML, where these
	checks are done at compile time, would be even better.

     3. The AT&T breakdown a month ago was caused by a break statement
	in C. See the following mail (multiple forwarding headers deleted):

Subject: AT&T software problem
Subject: Cautionary note on C programming...AT&T learns from experience
>From: kent@wsl.dec.com
Subj:	I've always thought C looked like line noise.
Subj:	the bug
Subj:	AT&T's bug, for you C users out there...
Subj:	I C what they mean!
Subj:	"c" considered dangerous to telephones
Subj:	Be careful from where you break! (else no long distance calls will make it thru...)
Subj:	C switch breaks AT&T switches!
Subj:	your "c users" list might appreciate this....


I received the following on AT&T's famous bug (and have deleted multiple 
forwarding headers):

| | Subject: AT&T Bug
| | Date: Fri Jan 19 12:18:33 1990
| | 
| | This is the bug that cause the AT&T breakdown
| | the other day (no, it wasn't an MCI virus):
| | 
| | In the switching software (written in C), there was a long
| | "do . . . while" construct, which contained
| |    a "switch" statement, which contained 
| |       an "if" clause, which contained a
| |          "break," which was intended for
| |       the "if" clause, but instead broke from
| |    the "switch" statement.
| | 

	Again it looks like this bug wouldn't have occurred in another
	programming language.

You C what I mean? Do you know other stories like these, if possible
with references? I don't want to praise Ada or pick at C and Fortran;
I am looking for any story where a proveably inappropriate/insecure
programming language has been used.


Gerald Baumgartner   gb@cs.purdue.edu   ...!{decwrl,gatech,ucbvax}!purdue!gb