She pointed PC-lint Plus SE at the flight control module’s core file: nav_sensor.c.
“That tool is terrifying,” she said. “It found something that wouldn’t have crashed for another two years of field operation.”
    for (int i = 0; i < SENSOR_HISTORY; i++) {
        temp_ptr = &sensor_buffer[(offset + i) % BUFSZ];
        calib_ptr = &calib_table[temp_ptr->raw >> 2];
        if (temp_ptr->value > 85.0) {
            *calib_ptr = apply_emergency_curve(temp_ptr->value); // here
        }
    }

The aliasing was invisible to human eyes and to ordinary linters. But temp_ptr and calib_ptr could, under specific unrolling, point to overlapping memory if offset was maliciously crafted. The write to calib_ptr would then corrupt the next sensor’s buffer, causing a silent overflow.
Hank nodded. “PC-lint Plus SE doesn’t just find bugs. It finds intentions. It sees the ghosts in the machine—the paths your code could take, even if it never has before.”