All entries were scored on a combination of Creativity, Code Believability and lastly count accuracy: because if the numbers look approximately right, it's harder to discover that they are indeed wrong by a few percent. All grades are out of 10 . Enjoy reading the source, and let me know if I missed some critical trickery of the program in my one sentence explanation of the failure.<br>
<br>
Paul Parkanzky and Michal Zalewski are our two winners! Congratulations to all who participated, and apologies for the final announcement taking so many months.<br>


<!-- So you looked at the HTML source. Here's an easter egg for you... I put in how I calculated the scores. --><br>
<!-- No whining about details though...and keep it secret between you and me, m'kay? --><br>
<!-- Date/Creativity/Accuracy/Code Believability--><br>

<font size="+1"><b>Date Specific Programs</b></font><br>
7.0<!--Y/8/4/9--> Paul Parkanzky: <a href="pparkanzky.c">pparkanzky</a>: Uses the fact that the string "second" has more words than "first" or "third" to cause a buffer overrun and skew results. Just gives them to Bush, not uninitialized memory like Matt Eastman.<br>
7.0<!--Y/8/4/9--> Jasvir Nagra: <a href="jnagra.c">jnagra</a>: Uses the fact that the string "second" has more words than "first" or "third" and the fact that the times between 10 and 12am have 2 characters to cause a buffer overrun and skew results. Just gives them to Bush, not uninitialized memory like Matt Eastman. (Submitted past deadline, no victory)<br>
6.7<!--Y/8/3/9--> Matthew Eastman: <a href="meastman.c">meastman</a>: pointer arithmetic, stack smashing<br>
6.0<!--Y/9/4/5--> Jamie Strachan: <a href="sov.cpp">sov.cpp</a>: Uses shell script to compile a file, run it, morphing it into another file to run and skew the votes.<br>
5.6<!--Y/7/4/6--> Chris Ruppert: <a href="cruppert.c">cruppert</a>: pushes bush to nader after nov2 deadline by #defining a strange macro that inserts itself into a case statement. #defining break, a language keyword, is pretty giveaway that something is up.<br>
5.3<!--Y/8/3/5--> Michal Forisek: <a href="mforisek.c">mforisek</a>: Clever political messages, uses #define to change "another number" to number instead of another_number ,when verifying that the number of votes don't exceed the number of registered voters. the call to time could have been hidden better.<br>
5.0<!--Y/6/4/5--> Scott Craver: <a href="scraver.c">scraver</a>: Local variable l gets assigned to 104 on the big day. When l is laterr used in place of 1 to multiply bush's count by 104.<br>
4.3<!--Y/4/3/6--> Corey Edwards: <a href="cedwards.c">cedwards</a>: #define madness<br>
3.3<!--Y/3/4/3--> David Wheeler: <a href="dwheeler5.c">dwheeler5</a>: Uses different code on election day.<br>
<br>
<br>
<font size="+1"><b>Date Agnostic Programs</b></font><br>
7.3<!--N/6/9/7--> Michal Zalewski: <a href="mzalewski.c">mzalewski</a>: Gives 1/10 of the votes to bush. Relies on macro pasting to alter the apparent meaning of code (suddenly locally declared t hides t in the outer scope) <br>
6.3<!--N/8/6/5--> Kennisth Davis: <a href="kdavis.c">kdavis</a>: printf returns 0 or 1 depending on debug, so if debug is turned on it returns correct values, other moves values there.<br>
6.0<!--N/6/4/8--> Michael Moore: <a href="mmoore.c">mmoore</a>: Comments obfuscate ?: statement that blocks out index.<br>
6.0<!--N/5/6/7--> Jean-Philippe Martin: <a href="jmartin.c">jmartin</a>: query-replace 1 l where l==-1, buffer overrun<br>
5.7<!--N/7/2/8--> Kester Maddock: <a href="kmaddock.c">kmaddock</a>: Arrays begin at 0, not 1; hence uninitialized memory for the initial bush tally.<br>
5.7<!--N/5/4/8--> Fredrick Oehrstroem<a href="foehrstroem.c">foehrstroem</a>: misparenthesized #define statement causes ! to cancel out with !BUSH and makes it only true if !!BUSH==input<br>
5.7<!--N/5/4/8--> Adam Barth: <a href="abarth.c">abarth</a>:   #define, Order of Operations<br>
5.7<!--N/4/7/6--> Travis Fisher:<a href="tfisher.c">tfisher</a>:macro madness... replaces the unsigned char Vote with a crazy expression that does some vote skewing (this is done on the gcc command line). Unfortunately since the exact command line was lost to the sands of time, this one will need to suffice <pre>gcc -Disspace="'K'==" macro_tfisher.c</pre><br>
5.3<!--N/7/3/6--> John Waymouth: <a href="jwaymouth.cpp">jwaymouth</a>: Exploits the fact that order in which arguments are evaluated is undefined in C++ (postincrement in call to doTally)<br>
5.3<!--N/6/6/4--> Matthew T Russotto: <a href="mrussotto.c">mrussotto</a>: Uninitialized other variable could cause the map from char to int to point to zero for the 'Other' category<br>
5.3<!--N/6/4/6--> David Mazieres: <a href="dmazieres.c">dmazieres</a>: local macro variable c hides the outer c. Pasting causes this variable to be shadowed.<br>
5.0<!--N/8/3/4--> Rachel ParkeHouben: <a href="rparke.cpp">rparke</a>: Utilizes the fact that constructed order matters. Produces a warning in gcc<br>
5.0<!--N/6/3/6--> Joshua Hudson: <a href="jhudson.c">jhudson</a>: Passes in the number of bytes read instead of the byte read, while obscuriing it with setjmp and other nasties.<br>
5.0<!--N/5/6/4--> Ryan Cumings: <a href="rcumings.c">rcumings</a>: Modulus operator '%' forces all votes to go to table rows 0 or 1 in lines 130-144. Unrelated, complex code to hide a simple O vs 0 swap.<br>
4.3<!--N/6/3/4--> Robert A Seace: <a href="rseace.c">rseace</a>: Casts from ulong* to uchar* and then accesses it. Also issues a warning in gcc with appropriate options.<br>
4.0<!--N/5/4/3--> Henrik Abelsson: <a href="habelsson.c">habelsson</a>: #defines to gotos! Considered harmful.<br>
4.0<!--N/5/4/3--> Eric Noyau: <a href="enoyau.c">enoyau</a>: Uses l instead of 1<br>
4.0<!--N/4/3/5--> Geir Thomassen: <a href="gthomassen.c">gthomassen</a>: #define of EOF to changing input to bush using comma operator.<br>
4.0<!--N/3/6/3--> David Wheeler: <a href="dwheeler1.c">dwheeler</a>: no break after Other case.<br>
3.7<!--N/6/3/2--> Craig A Rich: <a href="crich.c">crich</a>: Hides a Tally[] = 0 in a comment. Only works on notepad users.<br>
3.7<!--N/5/3/3--> Thiago Campos: <a href="tcampos.c">tcampos</a>: uses wrong ascii value in part of program. Teaches the value of constants in code.<br>
3.7<!--N/5/3/3--> Jared Sohn: <a href="jsohn.c">jsohn</a>: Typo in nader section checking if Vote is 'n' or 'n' instead of 'n' or 'N': votes delivered to Other. Guess its' writein.  Creative alternative comments.<br>
3.7<!--N/4/4/3--> Philip Willoughby:  <a href="pwilloughby.c">pwilloughby</a>: Replaces 1 with l<br>
3.7<!--N/4/4/3--> Oleg Kibirev: <a href="okibirev.c">okibirev</a>: uses l instead of 1 when adding to bush's tally. (this is what the ++ operator is for ;-) )<br>
3.7<!--N/4/4/3--> Hacksprint:  <a href="hacksprint.c">hacksprint</a>: Replaces 1 with l<br>
3.7<!--N/4/4/3--> Alan Krueger: <a href="akrueger.c">akrueger</a>: Replaces 1 with l<br>
3.7<!--N/4/4/3--> Kristian Nielsen<a href="knielsen.c">knielsen</a>: puts the kerry case in a while statement that looks for spaces.<br>
3.3<!--N/4/3/3--> Derek Warnick<a href="dwarnick.c">dwarnick</a>: Zero instead of O in the code gives Other votes to Kerry<br>
3.3<!--N/4/3/3--> Matti Niemenmaa: <a href="mniemenmaa.c">mniemenmaa</a>: = instead of == <br>
3.3<!--N/4/3/3--> Drew Vogel: <a href="dvogel.c">dvogel</a>: bitwise and instead of logical and<br>
3.3<!--N/4/3/3--> Brad Grzesiak: <a href="bgrzesiak.c">bgrzesiak</a>: gets instead of equals<br>
3.0<!--N/3/3/3--> Jonathan Drechsler: <a href="jdrechsler.c">jdrechsler</a>: Uses lower case 'k'<br>
<br>
<br>
Further analysis of these results, and some discussion on how to counter them, can be found in <a href="https://www.ida.org/research-and-publications/publications/all/i/in/initial-analysis-of-underhanded-source-code">Initial Analysis of Underhanded Source Code</a> by David A. Wheeler, IDA Document D-13166, April 2020)