Re: [code] PATCH: fix a heap buffer overflow

From: Mitchell <m.att.foicica.com>
Date: Tue, 16 Feb 2016 20:52:57 -0500 (EST)

Hi Markus,

On Mon, 15 Feb 2016, Markus F.X.J. Oberhumer wrote:

> Please see attached patch and log.
>
> BTW, I can really recommend "-fsanitize=address" to all C/C++ users.
> For a relatively modest performance slowdown you do get a lot
> of useful runtime checks.

I'm not sure I agree with the output of that tool. Scintilla initializes
SCNotifications like this:

   SCNotification scn = {};

Now I am no expert on this, but according to the C standard, that
type of initializer zeros out all structure members. Therefore accessing
`scn->text` and passing its result to `lua_pushstring` will always result
in a zero read length (since `lua_pushstring` works with C strings).

Could you shed some more light on this? I'm not sure how to interpret the
output of your tool :(

(By the way, Valgrind does not report this, or at least not in the limited
way I know how to run it, which is why I haven't seen it before.)

Cheers,
Mitchell
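As an added illustration (not code from the patch, from Scintilla or from Textadept): a C sketch of the two points in play, using a simplified stand-in for SCNotification that assumes a `text` pointer paired with a separate `length` count. It shows that the brace initializer really does leave `text` as a null pointer, and separately why a `text` slice that has no NUL of its own would still trip a sanitizer when handed to a C-string reader such as `lua_pushstring`, while a length-aware reader such as `lua_pushlstring` stays inside the valid bytes.

```c
#include <stddef.h>
#include <string.h>

/* Simplified stand-in for Scintilla's SCNotification (an assumption for this example,
 * not Scintilla's real definition): a text pointer plus a separate byte count. */
typedef struct {
    const char *text;  /* may point into the document buffer; not necessarily NUL-terminated */
    size_t length;     /* number of valid bytes at text */
} Notif;

/* 1. Zero initialization: every member, including the pointer, becomes zero.
 * `= {0}` is the C89/C99 spelling; `= {}` (C++ value-initialization, C23) does the same. */
int zero_init_gives_null_text(void) {
    Notif scn = {0};
    return scn.text == NULL && scn.length == 0;
}

/* 2. A C-string consumer such as lua_pushstring reads until it finds a NUL. This check
 * reports whether that read stays inside the `length` valid bytes (1) or would run past
 * them (0), which is the kind of over-read AddressSanitizer flags at runtime. */
int cstring_read_stays_in_bounds(const Notif *n) {
    if (n->text == NULL)
        return 1;  /* lua_pushstring(L, NULL) pushes nil; no bytes are read */
    return memchr(n->text, '\0', n->length) != NULL;
}

/* 3. Length-aware copy, the counterpart of lua_pushlstring: uses `length`, never strlen. */
size_t copy_text(const Notif *n, char *out, size_t outsz) {
    size_t len = (n->text == NULL) ? 0 : n->length;
    if (len >= outsz)
        len = outsz - 1;  /* truncate rather than overflow the destination */
    if (len)
        memcpy(out, n->text, len);
    out[len] = '\0';
    return len;
}

/* Constructed sample: the notified text is a 5-byte slice of a larger buffer, so the
 * nearest NUL lies 6 bytes past the end of the slice. */
static const char doc_buffer[] = "hello world";
static Notif sample = { doc_buffer, 5 };  /* "hello"; doc_buffer[5] is ' ', not NUL */

const Notif *sample_unterminated(void) { return &sample; }

/* 1 when the length-aware copy of the sample yields exactly "hello". */
int sample_copy_matches(void) {
    char out[16];
    return copy_text(sample_unterminated(), out, sizeof out) == 5 && strcmp(out, "hello") == 0;
}
```

Building this with -fsanitize=address and replacing the memchr check with a plain strlen on the sample is enough to see the over-read reported, since strlen walks past the five valid bytes.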

Received on Tue 16 Feb 2016 - 20:52:57 EST