[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [MiNT] [PATCH] XaAES regression in ob_fix_shortcuts()

To: mint@lists.fishpool.fi
Subject: Re: [MiNT] [PATCH] XaAES regression in ob_fix_shortcuts()
From: "Helmut Karlowski" <helmut.karlowski@ish.de>
Date: Wed, 28 Nov 2012 00:14:03 +0100
In-reply-to: <50B53E62.3010403@freesbee.fr>
List-help: <mailto:ecartis@lists.fishpool.fi?Subject=help>
List-id: <mint.lists.fishpool.fi>
List-owner: <mailto:tjhukkan@fishpool.fi>
List-post: <mailto:mint@lists.fishpool.fi>
List-subscribe: <mailto:mint-request@lists.fishpool.fi?Subject=subscribe>
List-unsubscribe: <mailto:mint-request@lists.fishpool.fi?Subject=unsubscribe>
References: <50A94E7D.8000005@freesbee.fr> <50B3DE48.3010107@freesbee.fr> <op.woenc6ikofd6j1@nebbiolo> <op.woeom70jofd6j1@nebbiolo> <50B52207.9050306@freesbee.fr> <op.wogae0gfofd6j1@nebbiolo> <op.woga60ejofd6j1@nebbiolo> <50B53E62.3010403@freesbee.fr>
Sender: mint-bounce@lists.fishpool.fi
User-agent: Opera Mail/12.02 (Win32)

Vincent Rivière, 27.11.2012 23:27:46:

BTW, I see something which looks wrong in your patch:
while (scuts->c && scuts-sc < objs)

In C, && expressions are evaluated from left to right.
This means that in the case of (scuts-sc < objs) (which actually meansbuffer overflow) you still have accessed scuts->c just before. This


True. But there is one more item free than needed, so nothing would happen.

If you reverse the && operands, that will be OK.


Done.

That +1 may indicate that the sc array may be terminated by a nullentry. I'm not sure, because I didn't look carefully to the code. But

True again, guess that +1 was to always terminate the while-loop. Theoverflow-check now does the same.

you should ensure that the code will behave well when the buffer isfull. I mean near to overflow, when there is no more room for that +1entry.


It can not get that far, but I'll remove the +1, so no one gets confused.

Hope it's all ok now :-)

--
Helmut Karlowski

Follow-Ups:
- Re: [MiNT] [PATCH] XaAES regression in ob_fix_shortcuts()
  - From: Vincent Rivière <vincent.riviere@freesbee.fr>

References:
- [MiNT] XaAES regression in launch()
  - From: Vincent Rivière <vincent.riviere@freesbee.fr>
- Re: [MiNT] XaAES regression in ob_fix_shortcuts() (was: in launch())
  - From: Vincent Rivière <vincent.riviere@freesbee.fr>
- Re: [MiNT] XaAES regression in ob_fix_shortcuts() (was: in launch())
  - From: "Helmut Karlowski" <helmut.karlowski@ish.de>
- Re: [MiNT] XaAES regression in ob_fix_shortcuts() (was: in launch())
  - From: "Helmut Karlowski" <helmut.karlowski@ish.de>
- Re: [MiNT] [PATCH] XaAES regression in ob_fix_shortcuts()
  - From: Vincent Rivière <vincent.riviere@freesbee.fr>
- Re: [MiNT] [PATCH] XaAES regression in ob_fix_shortcuts()
  - From: "Helmut Karlowski" <helmut.karlowski@ish.de>
- Re: [MiNT] [PATCH] XaAES regression in ob_fix_shortcuts()
  - From: "Helmut Karlowski" <helmut.karlowski@ish.de>
- Re: [MiNT] [PATCH] XaAES regression in ob_fix_shortcuts()
  - From: Vincent Rivière <vincent.riviere@freesbee.fr>

Prev by Date: Re: [MiNT] [PATCH] XaAES regression in ob_fix_shortcuts()
Next by Date: [MiNT] LDG guide
Previous by thread: Re: [MiNT] [PATCH] XaAES regression in ob_fix_shortcuts()
Next by thread: Re: [MiNT] [PATCH] XaAES regression in ob_fix_shortcuts()
Index(es):
- Date
- Thread