It turns out that the most cited piece of Java code on Stack Overflow contained an error that no one had noticed for nine years. The bug has now been discovered by the snippet's author, Andreas Lundblad, a Java developer at Palantir and one of the most influential members of the Stack Overflow community.
In a 2018 scientific article, Lundblad's snippet was also recognized as the most copied Java code from Stack Overflow, used in many open source projects. The analysts estimated that the code had been copied and implemented in more than 6,000 Java projects on GitHub. The snippet was originally published as an answer to a question in September 2010. The idea was to convert a byte count such as 123,456,789 bytes into a readable format, for example 123.5 MB.
Last week Lundblad wrote in a blog post that he had found an error in the code: after the publication of the scientific article mentioned above, he noticed that he had converted the number of bytes incorrectly, and he has now prepared a corrected version of the snippet.
Fortunately, the bug turned out to be quite trivial and could only lead to minor inaccuracies in file size estimates. It could have ended much worse if the error had caused security problems. In that case, it could take years to fix all the projects made vulnerable by the bug, since many developers do not think at all about the possible consequences when copying someone else's code from Stack Overflow. In addition, many people deliberately copy code without attribution, in effect hiding from everyone that they introduced unverified code into the project.
For example, in the fall of this year, information security researchers counted 2859 projects on GitHub that used borrowed and dangerously vulnerable fragments of C++ code from Stack Overflow. The experts identified and searched for only 69 such problematic pieces of code from the past 10 years, and in reality there may be many more such errors.