sharp-edges

Fail

Audited by Socket on Feb 15, 2026

2 alerts found:

Obfuscated File, Anomaly

Obfuscated File: HIGH
references/lang-c.md

This source is an instructional guide illustrating common C/C++ unsafe patterns. It does not contain active malicious code, obfuscated payloads, or network exfiltration. However, the patterns shown (unchecked signed integer arithmetic for allocation sizes, unsafe string and format APIs, uninitialized-memory leaks, improper freeing and use-after-free, unsafe signal-handler usage, and TOCTOU) are high-risk when present in real software and can lead to memory corruption, information leakage, and potential remote code execution. Treat the examples as warnings: do not copy them into production. Use bounded APIs, add explicit integer-overflow checks, use secure memory-wiping functions, initialize structures, null pointers after free, prefer open+fstat checks over access(), and avoid non-async-signal-safe calls in handlers.

Confidence: 98%
Anomaly: LOW
references/auth-patterns.md

This file is an educational checklist with examples of insecure authentication/session management patterns. It does not contain runtime malicious code (no exfiltration, shells, or hidden network calls). However, the code snippets demonstrate many high-risk vulnerabilities (timing attacks, password truncation, session fixation, predictable tokens, token reuse, missing authorization, IDOR, and weak MFA and recovery mechanisms). Treat these snippets as examples of what not to implement; any production code that mirrors these patterns should be remediated. Overall: not malware, but many high-severity security pitfalls.

Confidence: 90%
Severity: 60%
Audit Metadata
Analyzed At
Feb 15, 2026, 07:50 PM
Package URL
pkg:socket/skills-sh/trailofbits%2Fskills%2Fsharp-edges%2F@a9b4ec1cd78f34cc5ad04dcd055ac081c47f2d02