Comment Re:Regression tests are for wimps! (Score 3, Informative) 165
While it could have been caught, the bug was actually a result of testing, namely the use of the Coverity static analyzer which flagged up "strcat(passwd, "$");". In this particular case it was safe use strcat, but was erroneously changed to "strlcat(passwd, "$", 1);" to avoid the warning.
Its a lesson perhaps that automated tests aren't the silver bullet for avoiding bugs, understanding the code itself is just as important.
It also raises the question of whether much of the criticism in the discussions below should be directed at C instead of PHP. I'll stay out of that one...!