Background: some time ago, I asked Otto for some playground to make xmas days less boring, and he suggested adding 64 bit integer arithmetic to ksh. I did so, sent a proof-of-concept patch to Otto and Todd, and a few days later I noticed that I'd also introduced a nice static buffer overflow by accident.

This is a part of the original code in /usr/src/bin/ksh/var.c, str_val():

    ....
        /* worst case number length is when base=2, so use BITS(long) */
        /* minus base # number null */
        static char strbuf[1 + 2 + 1 + BITS(long) + 1];
        const char *digits = (vp->flag & UCASEV_AL) ?
            "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ" :
            "0123456789abcdefghijklmnopqrstuvwxyz";
        unsigned long n;
        int base;
    ....

For that 64 bit patch, I had to change n to unsigned long long, but I didn't notice that the declaration of strbuf is related to the type (or rather size) of n. Maybe I didn't look close enough, but OTOH, since BITS relies on sizeof, the original code would better be:

    ....
        unsigned long n;
        static char strbuf[1 + 2 + 1 + BITS(n) + 1];
    ....

I suggest watching out for inappropriate or potentially breakable sizeof(TYPE) constructs in the code that can be replaced by sizeof(VAR).

Ciao,
Kili
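The following is an added example, not Kili's patch and not code from ksh's var.c. It makes the arithmetic behind the post concrete: a BITS() macro of the same shape as ksh's, a function that computes the worst-case "sign, base, '#', binary digits, NUL" length for a value of a given width, a check showing that the original BITS(long) sizing holds a 64-bit value only where long is itself 64 bits wide, and a hypothetical formatter (format_int, lowercase digits only, not str_val) whose scratch buffer is sized from the variable it holds, as the post suggests, so that changing the variable's type resizes the buffer with it.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Same shape as ksh's BITS() macro: width in bits of a type or, because it
 * is built on sizeof, of an object such as the variable n itself. */
#define BITS(t) (sizeof(t) * CHAR_BIT)

/* Worst-case size of "[-]base#digits\0" for a value of value_bits bits:
 * sign, two-digit base (at most "36"), '#', one binary digit per bit, NUL. */
size_t worst_case_strbuf(size_t value_bits)
{
    return 1 + 2 + 1 + value_bits + 1;
}

/* Does a buffer declared with the original 1+2+1+BITS(long)+1 formula, on a
 * platform whose long is long_bits wide, still hold the longest string a
 * 64-bit value can produce? 0 means the declaration has become too small. */
int old_decl_still_fits(size_t long_bits)
{
    size_t old_size = 1 + 2 + 1 + long_bits + 1;
    return old_size >= worst_case_strbuf(64);
}

/* Hypothetical formatter (not ksh's str_val): renders v as "[-]base#digits"
 * in lowercase, base 10 without a prefix, like ksh's typeset -i output.
 * Returns the length excluding the NUL; copies into out only if it fits,
 * so a too-small out cannot be overrun. out may be NULL to only measure. */
size_t format_int(long long v, int base, char *out, size_t outsz)
{
    /* The scratch buffer is sized from the variable it holds, so changing
     * v's type later automatically resizes it (sizeof(VAR), not sizeof(TYPE)). */
    char tmp[1 + 2 + 1 + BITS(v) + 1];
    const char *digits = "0123456789abcdefghijklmnopqrstuvwxyz";
    char *p = tmp + sizeof tmp;
    unsigned long long n = (v < 0) ? 0ULL - (unsigned long long)v
                                   : (unsigned long long)v;
    size_t len;

    if (base < 2 || base > 36)
        return 0;
    *--p = '\0';
    do {
        *--p = digits[n % base];
        n /= base;
    } while (n != 0);
    if (base != 10) {
        *--p = '#';
        *--p = (char)('0' + base % 10);
        if (base >= 10)
            *--p = (char)('0' + base / 10);
    }
    if (v < 0)
        *--p = '-';
    len = (size_t)(tmp + sizeof tmp - 1 - p);
    if (out != NULL && outsz > len)
        memcpy(out, p, len + 1);
    return len;
}

/* Formats LLONG_MIN in base 2 into a correctly sized buffer and checks the
 * result against the expected "-2#1" followed by 63 zeros (67 characters). */
int longest_case_roundtrip(void)
{
    char buf[1 + 2 + 1 + BITS(long long) + 1];
    char expect[80] = "-2#1";
    size_t len = format_int(LLONG_MIN, 2, buf, sizeof buf);

    memset(expect + 4, '0', 63);
    expect[67] = '\0';
    return len == 67 && strcmp(buf, expect) == 0;
}

int main(void)
{
    char buf[80];

    printf("worst case for a 64-bit value: %zu bytes\n", worst_case_strbuf(64));
    printf("BITS(long) sizing fits a 64-bit value with 32-bit long: %d, 64-bit long: %d\n",
           old_decl_still_fits(32), old_decl_still_fits(64));
    format_int(LLONG_MIN, 2, buf, sizeof buf);
    printf("LLONG_MIN in base 2: %s\n", buf);
    format_int(255, 16, buf, sizeof buf);
    printf("255 in base 16: %s\n", buf);
    return 0;
}
```

The numbers are the point: a 64-bit value in base 2 needs 69 bytes including sign, base prefix and NUL, which is exactly what 1+2+1+BITS(long)+1 yields where long is 64 bits, but only 37 bytes where long is 32 bits. Sizing the array from the variable (BITS(v)) rather than from a type that merely happens to match today keeps the two declarations coupled; a compile-time check such as _Static_assert(sizeof tmp >= 1 + 2 + 1 + BITS(v) + 1, "...") is a cheap way to make such a coupling explicit in code that cannot use the sizeof(VAR) form.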