2010/12/10 Mike Blumenkrantz <m...@zentific.com>:
> On Fri, 10 Dec 2010 10:25:40 -0200
> Iván Briano (Sachiel) <sachi...@gmail.com> wrote:
>
>> 2010/12/10 Mike Blumenkrantz <m...@zentific.com>:
>> > On Fri, 10 Dec 2010 10:00:05 -0200
>> > Iván Briano (Sachiel) <sachi...@gmail.com> wrote:
>> >
>> >> 2010/12/10 Mike Blumenkrantz <m...@zentific.com>:
>> >> > On Fri, 10 Dec 2010 09:42:53 -0200
>> >> > Iván Briano (Sachiel) <sachi...@gmail.com> wrote:
>> >> >
>> >> >> 2010/12/9 Enlightenment SVN <no-re...@enlightenment.org>:
>> >> >> > Log:
>> >> >> > this error fix is dedicated to Tommy[D] for continuing to prove that
>> >> >> > the impossible can still be possible on his system
>> >> >> >
>> >> >> >
>> >> >> > Author:       discomfitor
>> >> >> > Date:         2010-12-09 13:02:53 -0800 (Thu, 09 Dec 2010)
>> >> >> > New Revision: 55432
>> >> >> > Trac:         http://trac.enlightenment.org/e/changeset/55432
>> >> >> >
>> >> >> > Modified:
>> >> >> >  trunk/ecore/src/lib/ecore_con/ecore_con.c
>> >> >> >
>> >> >> > Modified: trunk/ecore/src/lib/ecore_con/ecore_con.c
>> >> >> > ===================================================================
>> >> >> > --- trunk/ecore/src/lib/ecore_con/ecore_con.c   2010-12-09 18:39:08
>> >> >> > UTC (rev 55431) +++ trunk/ecore/src/lib/ecore_con/ecore_con.c
>> >> >> > 2010-12-09 21:02:53 UTC (rev 55432) @@ -2231,15 +2231,17 @@
>> >> >> >    if (!svr->write_buf)
>> >> >> >      return;
>> >> >> >
>> >> >> > +   num = svr->write_buf_size - svr->write_buf_offset;
>> >> >> > +
>> >> >> >    /* check whether we need to write anything at all.
>> >> >> >     * we must not write zero bytes with SSL_write() since it
>> >> >> >     * causes undefined behaviour
>> >> >> >     */
>> >> >> > -   if (svr->write_buf_size == svr->write_buf_offset)
>> >> >> > -     return;
>> >> >> > +   /* we thank Tommy[D] for needing to check negative buffer sizes
>> >> >> > +    * here because his system is amazing.
>> >> >> > +    */
>> >> >> > +   if (num <= 0) return;
>> >> >> >
>> >> >>
>> >> >> How can you get to that point without something else screwing up 
>> >> >> before?
>> >> >> It looks like you wrote more than you had in your buffer.
>> >> >>
>> >> >> > -   num = svr->write_buf_size - svr->write_buf_offset;
>> >> >> > -
>> >> >> >    if (svr->handshaking)
>> >> >> >      {
>> >> >> >         DBG("Continuing ssl handshake");
>> >> >> >
>> >> >> >
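
Review bot: The new `if (num <= 0) return;` check folds two different cases into one silent return. `num == 0` is the legitimate nothing-to-write case that the existing SSL_write() comment describes, while `num < 0` means `write_buf_offset` has passed `write_buf_size`, which is a broken invariant. Returning quietly on the negative case leaves `write_buf` and both counters as they were, so the cause stays hidden and nothing in the log records that it happened. Suggest testing `num < 0` separately, logging it with both values and treating it as an error, and replacing the added comment with one that states the invariant being checked (`write_buf_offset <= write_buf_size`).
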
>> >> >> > ------------------------------------------------------------------------------
>> >> >> > _______________________________________________
>> >> >> > enlightenment-svn mailing list
>> >> >> > enlightenment-...@lists.sourceforge.net
>> >> >> > https://lists.sourceforge.net/lists/listinfo/enlightenment-svn
>> >> >> >
>> >> >>
>> >> >> ------------------------------------------------------------------------------
>> >> >> _______________________________________________
>> >> >> enlightenment-devel mailing list
>> >> >> enlightenment-devel@lists.sourceforge.net
>> >> >> https://lists.sourceforge.net/lists/listinfo/enlightenment-devel
>> >> > I honestly have no idea, but apparently Tommy[D] is able to do it using
>> >> > the mail (I think?) module.  The only way that it's possible is if
>> >> > ecore_con screws up internally, and as far as I can tell that doesn't
>> >> > seem possible either.
>> >> >
>> >>
>> >> But it's happening. Maybe some wrong pointer arithmetic that
>> >> doesn't properly take into account 64-bit sizes?
>> > This member is just a simple int though, pointer math shouldn't matter.
>> >>
>>
>> But how you account for written stuff could. I didn't check that code,
>> but it does look like something else is wrong if you get a negative count.
>>
>> >> > --
>> >> > Mike Blumenkrantz
>> >> > Zentific: We run the three-legged race individually.
>> >> >
>> >
>> >
>> > --
>> > Mike Blumenkrantz
>> > Zentific: We run the three-legged race individually.
>> >
> All it does is subtract the current offset from the total length.  The problem
> is when the difference is negative.  No clue how that can happen though.
>

The offset being larger than the full length is one way. How can that happen?
I guess by successfully writing more than needed (some math error somewhere
else), or by wrong error checking that ends up increasing the current
offset more than it should.
Or something is taking a dump over someone else's memory and nothing makes
sense anymore.

> --
> Mike Blumenkrantz
> Zentific: We run the three-legged race individually.
>
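
One of the hypotheses above (a write path that advances the offset by more than was queued), shown as an added example that is not ecore_con code. The struct, enum, writer callbacks and both flush functions are hypothetical; only the two counter names follow the patch.

```c
#include <stdio.h>

/* Hypothetical stand-in for the server struct: only the two counters
 * named in the patch are modelled. */
struct wbuf { int write_buf_size; int write_buf_offset; };

/* Constructed writer callback: returns the byte count a write reported. */
typedef int (*writer_fn)(int requested);

enum flush_result { FLUSH_IDLE, FLUSH_PROGRESS, FLUSH_DONE,
                    FLUSH_IO_ERROR, FLUSH_CORRUPT };

/* Unchecked accounting: trusts the reported count, so the offset can
 * pass the size; later calls then see a negative remainder. */
static int flush_unchecked(struct wbuf *b, writer_fn w)
{
    int num = b->write_buf_size - b->write_buf_offset;
    if (num <= 0) return num;           /* negative case passes silently */
    b->write_buf_offset += w(num);
    return b->write_buf_size - b->write_buf_offset;
}

/* Checked accounting: verifies 0 <= offset <= size on entry and refuses
 * any update that would break it. */
static enum flush_result flush_checked(struct wbuf *b, writer_fn w)
{
    int num, count;
    if (b->write_buf_offset < 0 || b->write_buf_offset > b->write_buf_size)
        return FLUSH_CORRUPT;           /* state already broken: report it */
    num = b->write_buf_size - b->write_buf_offset;
    if (num == 0) return FLUSH_IDLE;    /* nothing to write */
    count = w(num);
    if (count < 0) return FLUSH_IO_ERROR;
    if (count > num) return FLUSH_CORRUPT;  /* more written than queued */
    b->write_buf_offset += count;
    return b->write_buf_offset == b->write_buf_size ? FLUSH_DONE
                                                    : FLUSH_PROGRESS;
}

/* Constructed writers: one over-reports, one writes half. */
static int writer_overreports(int requested) { return requested + 4; }
static int writer_partial(int requested) { return requested / 2; }

int main(void)
{
    struct wbuf b = { 10, 0 };
    printf("unchecked remainder: %d\n", flush_unchecked(&b, writer_overreports));
    printf("checked on same state: %d\n", (int)flush_checked(&b, writer_partial));
    return 0;
}
```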
