Vincent Rivière, 27.11.2012 21:26:47:
The first thing to do is to add an assert() to early detect a buffer overflow. This is easy and saves much trouble. See my assert() patch as attachment. It will always detect the overflow, whatever the platform is (not only FireTOS). assert.patchDetect buffer overflow in ob_fix_shortcuts(). Contributed by Vincent Riviere.
I don't think it is necessary to use assert here, simply stop processing and emitting a message would be enough (see new patch).
Attached an improved version.Thanks, your patch fixes the problem :-)
I promise the buffer cannot overflow any more :-)
Please commit. BTW, the fact that the last parameter of ob_fix_shortcuts() is a double pointer (void **scp) is strange. This allows to return the internallyallocated buffer to the outside, but this functionality does not seem to beused.
I said I'll have a look at this, but that is not urgent, the buffer-size is big enough atm.
IMHO, a simple pointer and the actual array length (void *scp, long scplen) would be much better. So the assert() will check the buffer overflow against the real buffer size, whenever the buffer is allocated internally or externally.
Currently the buffer-size is not known to ob_fix_shortcuts in that case, I'll probably pass it from the caller.
Helmut, I let you commit the patches and do any additional work, if you like.
Go ahead!If you remove any line containing predef it should give no warning (I did not receive it ...).
So I'll commit this and your other patch or better do the buffer-from-caller-thing first.
-- Helmut Karlowski
Attachment:
obtree.diff
Description: Binary data