Bugs item #2858723, was opened at 2009-09-14 12:47
Message generated for change (Tracker Item Submitted) made by eteran
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=111005&aid=2858723&group_id=11005

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Evan Teran (eteran)
Assigned to: Nobody/Anonymous (nobody)
Summary: Off by one error causes crash with certain optimizations

Initial Comment:
regularExp.c contains an off by one error. Default_Delimiters is defined as


static unsigned char  Default_Delimiters [UCHAR_MAX] = {0};

Note that UCHAR_MAX == 255 on most architectures. Later, makeDelimiterTable 
does the following on line 4089:

memset (table, 0, 256);

This overwrites one byte of an adjacent variable with 0, most likely the 
Current_Delimiters variable. When compiling with "-O2 -finline-functions" this 
will cause a crash. Also, some versions of gcc will give a warning about the 
buffer overflow:

In file included from /usr/include/string.h:640,
                 from regularExp.c:83:
In function ‘memset’,
    inlined from ‘SetREDefaultWordDelimiters’ at regularExp.c:4089:
/usr/include/bits/string3.h:85: warning: call to __builtin___memset_chk will always overflow destination buffer

Changing the declaration to be:

static unsigned char  Default_Delimiters [UCHAR_MAX + 1] = {0};

or

static unsigned char  Default_Delimiters [256] = {0}; /* since we are using 
magic numbers later, why not just hard code it! */

solves the problem.

----------------------------------------------------------------------
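The sizing mistake in the report is easy to check mechanically: a table indexed by every unsigned char value needs UCHAR_MAX + 1 slots, and a clear of 256 bytes over a UCHAR_MAX-byte array writes one byte past the end. The following is an added illustration, not code from NEdit's regularExp.c; the names Buggy_Delimiters, Fixed_Delimiters, overflow_bytes, make_delimiter_table and is_delimiter are assumed for the example, and the table builder only approximates what NEdit's makeDelimiterTable does. It derives the clear length from the object with sizeof, bounds-checks every index, and pins the table size with a compile-time assertion so the off-by-one cannot come back silently.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* The declaration from the bug report (255 entries on typical targets)
   next to the corrected one (one entry for every value 0..UCHAR_MAX).
   Both names are assumed for this example. */
#define BUGGY_TABLE_SIZE (UCHAR_MAX)
#define FIXED_TABLE_SIZE (UCHAR_MAX + 1)

static unsigned char Buggy_Delimiters[BUGGY_TABLE_SIZE];
static unsigned char Fixed_Delimiters[FIXED_TABLE_SIZE];

/* Compile-time guard: fails the build if the fixed table is ever resized
   so that it can no longer hold an entry for every unsigned char value. */
_Static_assert(sizeof Fixed_Delimiters == (size_t)UCHAR_MAX + 1,
               "delimiter table must have one slot per unsigned char value");

/* Number of bytes a memset of memset_len over a table of table_size bytes
   would write past the end; 0 means the clear stays in bounds. */
size_t overflow_bytes(size_t table_size, size_t memset_len) {
    return memset_len > table_size ? memset_len - table_size : 0;
}

/* Zero the table using its real size rather than a magic number. */
static void clear_table(unsigned char *table, size_t table_size) {
    memset(table, 0, table_size);
}

/* Mark each byte of `delimiters` in the table. Indexing by the unsigned
   value of the byte keeps 0x80..0xFF non-negative; the bounds check means
   an undersized table silently drops such entries instead of corrupting
   whatever sits after it (the report's adjacent-variable symptom). */
void make_delimiter_table(const char *delimiters, unsigned char *table,
                          size_t table_size) {
    clear_table(table, table_size);
    for (const char *p = delimiters; *p != '\0'; p++) {
        unsigned char c = (unsigned char)*p;
        if ((size_t)c < table_size)
            table[c] = 1;
    }
}

/* Look a byte up in the table, refusing out-of-range indices. */
int is_delimiter(const unsigned char *table, size_t table_size,
                 unsigned char c) {
    return (size_t)c < table_size && table[c] != 0;
}

int main(void) {
    printf("memset(table, 0, 256) over the UCHAR_MAX-byte table overflows by %zu byte(s)\n",
           overflow_bytes(sizeof Buggy_Delimiters, 256));
    printf("memset(table, 0, 256) over the UCHAR_MAX+1-byte table overflows by %zu byte(s)\n",
           overflow_bytes(sizeof Fixed_Delimiters, 256));

    /* Constructed delimiter set containing the highest byte value. */
    const char *delims = " \t\xff";
    make_delimiter_table(delims, Buggy_Delimiters, sizeof Buggy_Delimiters);
    make_delimiter_table(delims, Fixed_Delimiters, sizeof Fixed_Delimiters);
    printf("0xFF is a delimiter in the undersized table: %d\n",
           is_delimiter(Buggy_Delimiters, sizeof Buggy_Delimiters, 0xFF));
    printf("0xFF is a delimiter in the fixed table:      %d\n",
           is_delimiter(Fixed_Delimiters, sizeof Fixed_Delimiters, 0xFF));
    return 0;
}
```

The second observation the example makes is the one a reviewer would flag alongside the crash: even without the memset, a UCHAR_MAX-entry table has no slot for byte 0xFF, so a delimiter set containing that byte is either mis-stored or, with a bounds check, lost. Sizing the table as UCHAR_MAX + 1 and clearing it with `sizeof` fixes both problems at once.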

-- 
NEdit Develop mailing list - [email protected]
http://www.nedit.org/mailman/listinfo/develop
