[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [MiNT] [PATCH] XaAES regression in ob_fix_shortcuts()



Vincent Rivière, 27.11.2012 21:26:47:

The first thing to do is to add an assert() to early detect a buffer
overflow. This is easy and saves much trouble. See my assert() patch as
attachment. It will always detect the overflow, whatever the platform is
(not only FireTOS).

assert.patch
Detect buffer overflow in ob_fix_shortcuts(). Contributed by Vincent Riviere.

I don't think it is necessary to use assert here, simply stop processing and emitting a message would be enough (see new patch).

Attached an improved version.

Thanks, your patch fixes the problem :-)

I promise the buffer cannot overflow any more :-)

Please commit.

BTW, the fact that the last parameter of ob_fix_shortcuts() is a double
pointer (void **scp) is strange. This allows to return the internally
allocated buffer to the outside, but this functionality does not seem to be
used.

I said I'll have a look at this, but that is not urgent, the buffer-size is big enough atm.

IMHO, a simple pointer and the actual array length (void *scp, long scplen) would be much better. So the assert() will check the buffer overflow against the real buffer size, whenever the buffer is allocated internally or externally.

Currently the buffer-size is not known to ob_fix_shortcuts in that case, I'll probably pass it from the caller.

Helmut, I let you commit the patches and do any additional work, if you like.

Go ahead!

If you remove any line containing predef it should give no warning (I did not receive it ...).

So I'll commit this and your other patch or better do the buffer-from-caller-thing first.

--
Helmut Karlowski

Attachment: obtree.diff
Description: Binary data