HeadlinesBriefing.com

Underhanded C Contest reveals NaN poisoning tricks

Hacker News

The 2015 Underhanded C Contest concluded with over 40 high-quality entries, a shortlist of runners-up, and a winner. The challenge, crafted with the Nuclear Threat Initiative, asked participants to devise subtle bugs in code used for nuclear verification, highlighting the need for rigorous security practices in safety-critical software.

A recurring theme was NaN poisoning, where a floating‑point "not a number" value propagates through calculations and defeats threshold checks. Submissions varied: some assumed hostile input could inject NaNs, others triggered them via division by zero or malformed file parsing, exposing how easily undefined values can mask malicious behavior.
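
The following added example (not code from the contest or from any entry) shows why a NaN defeats a threshold check and how the polarity of the comparison decides whether the check fails open or closed. The function names, the squared-difference metric and the sample arrays are assumptions constructed for illustration.

```c
#include <math.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical distance: normalise raw counts, then sum squared
   differences against an already-normalised reference. An all-zero
   measurement makes total 0.0, so 0.0 / 0.0 yields NaN. */
static double distance(const double *counts, const double *ref, size_t n)
{
    double total = 0.0, dist = 0.0;
    for (size_t i = 0; i < n; i++)
        total += counts[i];
    for (size_t i = 0; i < n; i++) {
        double d = counts[i] / total - ref[i];
        dist += d * d;
    }
    return dist;
}

/* Fail-open: NaN > threshold is false, so the reject branch is skipped. */
int match_fragile(const double *counts, const double *ref, size_t n, double threshold)
{
    if (distance(counts, ref, n) > threshold)
        return 0;
    return 1;
}

/* Fail-closed: accept only a finite distance proven within threshold. */
int match_hardened(const double *counts, const double *ref, size_t n, double threshold)
{
    double dist = distance(counts, ref, n);
    return isfinite(dist) && dist <= threshold;
}

/* Constructed sample data, not taken from any contest entry. */
static const double REF[4]    = {0.1, 0.2, 0.3, 0.4};
static const double GOOD[4]   = {11.0, 19.0, 30.0, 40.0};
static const double BAD[4]    = {40.0, 30.0, 20.0, 10.0};
static const double ZEROED[4] = {0.0, 0.0, 0.0, 0.0};

int main(void)
{
    const double *cases[] = {GOOD, BAD, ZEROED};
    const char *names[] = {"good", "bad", "zeroed"};
    for (int i = 0; i < 3; i++)
        printf("%-6s fragile=%d hardened=%d\n", names[i],
               match_fragile(cases[i], REF, 4, 0.01),
               match_hardened(cases[i], REF, 4, 0.01));
    return 0;
}
```

Builds that enable `-ffast-math` (or `-ffinite-math-only`) let the compiler assume NaN never occurs, which can remove the `isfinite` guard, so code that relies on this check should be compiled without those flags.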

Judges favored realistic exploits that could arise without contrived conditions. Entries that relied on environment‑triggered cues—such as altering CPU count during parallel processing—earned particular attention. The contest underscored that even seasoned C programmers must anticipate obscure edge cases to protect high‑stakes applications.