[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [MiNT] [PATCH] XaAES regression in ob_fix_shortcuts()



Vincent Rivière, 27.11.2012 23:27:46:

BTW, I see something which looks wrong in your patch:
while (scuts->c && scuts-sc < objs)

In C, && expressions are evaluated from left to right.
This means that in the case of (scuts-sc < objs) (which actually means buffer overflow) you still have accessed scuts->c just before. This

True. But there is one more item free than needed, so nothing would happen.

If you reverse the && operands, that will be OK.

Done.

That +1 may indicate that the sc array may be terminated by a null entry. I'm not sure, because I didn't look carefully to the code. But

True again, guess that +1 was to always terminate the while-loop. The overflow-check now does the same.

you should ensure that the code will behave well when the buffer is full. I mean near to overflow, when there is no more room for that +1 entry.

It can not get that far, but I'll remove the +1, so no one gets confused.

Hope it's all ok now :-)

--
Helmut Karlowski