
Re: [MiNT] [PATCH] XaAES regression in ob_fix_shortcuts()



On 27/11/2012 22:26, Helmut Karlowski wrote:
> That one's better ...

Good.
I see that you have committed your changes.

I have recompiled XaAES from CVS, it works fine, now :-)
Thank you, Helmut.
I consider that the issue is fixed.

BTW, I see something which looks wrong in your patch:
while (scuts->c && scuts-sc < objs)

In C, && expressions are evaluated from left to right.
This means that in the case of (scuts-sc < objs) (which actually means buffer overflow) you have still accessed scuts->c just before. This means that you have accessed the area just after the buffer, which may be a forbidden area, etc.

If you reverse the && operands, that will be OK.

Also, there is something strange in the allocation:
len = ((long)objs + 1) * sizeof(struct sc);

That +1 may indicate that the sc array may be terminated by a null entry. I'm not sure, because I didn't look carefully at the code. But you should ensure that the code will behave well when the buffer is full. I mean near to overflow, when there is no more room for that +1 entry.

--
Vincent Rivière
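
Added example (not part of the original message and not XaAES code): the effect of the && operand order discussed above, measured on a full table whose terminating entry has been overwritten. The struct layout beyond the member c, the helper read_c(), the function names and the table size are assumptions made for the illustration.

```c
#include <stdio.h>

/* Hypothetical layout: only the member `c` appears in the message. */
struct sc { char c; short o; };

static long highest_read = -1;   /* highest index whose .c was read */

/* Read sc[i].c and record the index, so the access pattern is visible. */
static char read_c(const struct sc *sc, long i)
{
    if (i > highest_read) highest_read = i;
    return sc[i].c;
}

/* Order from the quoted line: dereference first, bounds check second. */
static long walk_deref_first(const struct sc *sc, long objs)
{
    long i = 0;
    highest_read = -1;
    while (read_c(sc, i) && i < objs)
        i++;
    return i;
}

/* Reversed operands: a failed bounds check short-circuits the dereference. */
static long walk_check_first(const struct sc *sc, long objs)
{
    long i = 0;
    highest_read = -1;
    while (i < objs && read_c(sc, i))
        i++;
    return i;
}
/* Constructed full table; OBJS + 1 slots so the demo itself stays in bounds. */
static long demo(long (*walk)(const struct sc *, long))
{
    enum { OBJS = 4 };
    struct sc table[OBJS + 1];
    for (long i = 0; i <= OBJS; i++) { table[i].c = (char)('a' + i); table[i].o = (short)i; }
    walk(table, OBJS);
    return highest_read;   /* index OBJS is the slot past the objs entries */
}

int main(void)
{
    printf("deref first: highest index read = %ld\n", demo(walk_deref_first));
    printf("check first: highest index read = %ld\n", demo(walk_check_first));
    return 0;
}
```

With the dereference first, the loop reads the slot at index objs before the bounds check stops it; with the check first, the highest index read is objs - 1.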