On 11/9/07, Charles Forsyth <[EMAIL PROTECTED]> wrote:
> > For example in convM2D() it sets ebuf as:
> > ebuf = buf + nbuf;
> >
> > and then checks if reads will go past ebuf. But ebuf will point to the
> > first byte after the buffer, so past ebuf will include the byte after
> > the buffer. So it can potentially try to read or write to one byte
> > past the buffer in all these functions.
>
> it would if it tries to access that byte but it doesn't in convM2D.c or
> convD2M.c
> it's checking that the resulting pointer after accessing the bytes will
> still be <= ebuf,
> which (i think) is correct.
>

On second thought I think you are correct. At the end of the function
the pointer might be one byte past the buffer size, but then it won't
do any reads or writes (but it could be a problem if the buffer is
right at the end of the virtual memory space :). Sorry about the buggy
bug report.

-- 
Erik Dalén
[EMAIL PROTECTED]
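
Added example, not part of the original message and not the Plan 9 convM2D source: a small C parser that uses the same ebuf = buf + nbuf end pointer and checks each access against the bytes remaining, so the pointer may legally equal ebuf but is never dereferenced there. The function name count_fields, the 16-bit little-endian length-prefixed field format and the sample byte arrays are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not Plan 9 code): count the strings packed in
 * buf[0..nbuf), each stored as a 16-bit little-endian length followed by
 * that many bytes. Returns the count, or -1 if a field would extend past
 * the end of the buffer. */
int count_fields(const uint8_t *buf, size_t nbuf)
{
    const uint8_t *p = buf;
    const uint8_t *ebuf = buf + nbuf;  /* one past the last byte; never dereferenced */
    int n = 0;

    while (p < ebuf) {
        size_t len;

        /* Compare against the bytes remaining (ebuf - p) rather than forming
         * p + size: the subtraction is always valid, while p + size may not
         * be a valid pointer if size is attacker-controlled. */
        if ((size_t)(ebuf - p) < 2)
            return -1;                 /* truncated length prefix */
        len = (size_t)p[0] | ((size_t)p[1] << 8);
        p += 2;
        if ((size_t)(ebuf - p) < len)
            return -1;                 /* field claims more bytes than remain */
        p += len;                      /* p == ebuf is fine: nothing is read there */
        n++;
    }
    return n;
}

/* Constructed sample inputs. */
static const uint8_t sample_ok[]    = { 2,0,'h','i', 0,0, 3,0,'a','b','c' }; /* ends exactly at ebuf */
static const uint8_t sample_short[] = { 2,0,'h','i', 5,0,'a','b' };          /* claims 5, has 2 */
static const uint8_t sample_cut[]   = { 2,0,'h','i', 7 };                    /* half a length prefix */

int main(void)
{
    printf("ok=%d short=%d cut=%d\n",
           count_fields(sample_ok, sizeof sample_ok),
           count_fields(sample_short, sizeof sample_short),
           count_fields(sample_cut, sizeof sample_cut));
    return 0;
}
```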
