On Fri, 10 Dec 2010 10:48:28 -0200
Iván Briano (Sachiel) <sachi...@gmail.com> wrote:

> 2010/12/10 Mike Blumenkrantz <m...@zentific.com>:
> > On Fri, 10 Dec 2010 10:25:40 -0200
> > Iván Briano (Sachiel) <sachi...@gmail.com> wrote:
> >
> >> 2010/12/10 Mike Blumenkrantz <m...@zentific.com>:
> >> > On Fri, 10 Dec 2010 10:00:05 -0200
> >> > Iván Briano (Sachiel) <sachi...@gmail.com> wrote:
> >> >
> >> >> 2010/12/10 Mike Blumenkrantz <m...@zentific.com>:
> >> >> > On Fri, 10 Dec 2010 09:42:53 -0200
> >> >> > Iván Briano (Sachiel) <sachi...@gmail.com> wrote:
> >> >> >
> >> >> >> 2010/12/9 Enlightenment SVN <no-re...@enlightenment.org>:
> >> >> >> > Log:
> >> >> >> > this error fix is dedicated to Tommy[D] for continuing to prove
> >> >> >> > that the impossible can still be possible on his system
> >> >> >> >
> >> >> >> >
> >> >> >> > Author:       discomfitor
> >> >> >> > Date:         2010-12-09 13:02:53 -0800 (Thu, 09 Dec 2010)
> >> >> >> > New Revision: 55432
> >> >> >> > Trac:         http://trac.enlightenment.org/e/changeset/55432
> >> >> >> >
> >> >> >> > Modified:
> >> >> >> >  trunk/ecore/src/lib/ecore_con/ecore_con.c
> >> >> >> >
> >> >> >> > Modified: trunk/ecore/src/lib/ecore_con/ecore_con.c
> >> >> >> > ===================================================================
> >> >> >> > --- trunk/ecore/src/lib/ecore_con/ecore_con.c   2010-12-09 18:39:08
> >> >> >> > UTC (rev 55431) +++ trunk/ecore/src/lib/ecore_con/ecore_con.c
> >> >> >> > 2010-12-09 21:02:53 UTC (rev 55432) @@ -2231,15 +2231,17 @@
> >> >> >> >    if (!svr->write_buf)
> >> >> >> >      return;
> >> >> >> >
> >> >> >> > +   num = svr->write_buf_size - svr->write_buf_offset;
> >> >> >> > +
> >> >> >> >    /* check whether we need to write anything at all.
> >> >> >> >     * we must not write zero bytes with SSL_write() since it
> >> >> >> >     * causes undefined behaviour
> >> >> >> >     */
> >> >> >> > -   if (svr->write_buf_size == svr->write_buf_offset)
> >> >> >> > -     return;
> >> >> >> > +   /* we thank Tommy[D] for needing to check negative buffer sizes
> >> >> >> > +    * here because his system is amazing.
> >> >> >> > +    */
> >> >> >> > +   if (num <= 0) return;
> >> >> >> >
> >> >> >>
> >> >> >> How can you get to that point without something else screwing up
> >> >> >> before? It looks like you wrote more than you had in your buffer.
> >> >> >>
> >> >> >> > -   num = svr->write_buf_size - svr->write_buf_offset;
> >> >> >> > -
> >> >> >> >    if (svr->handshaking)
> >> >> >> >      {
> >> >> >> >         DBG("Continuing ssl handshake");
> >> >> >> >
> >> >> >> >
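Review bot: `if (num <= 0) return;` treats a negative remainder the same as an empty buffer, so a `write_buf_offset` that has run past `write_buf_size` is silently skipped on every call and the early return leaves the buffer in that state. Give `num < 0` its own branch that logs both field values at error level and resets or tears down the write buffer, instead of returning as if nothing were pending. The added comment also records who hit the case, not the invariant being guarded; a line such as "offset must never exceed size; a negative remainder means the write accounting is broken" would tell the next reader why the check exists.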
> >> >> >> > ------------------------------------------------------------------------------
> >> >> >> > _______________________________________________
> >> >> >> > enlightenment-svn mailing list
> >> >> >> > enlightenment-...@lists.sourceforge.net
> >> >> >> > https://lists.sourceforge.net/lists/listinfo/enlightenment-svn
> >> >> >> >
> >> >> >>
> >> >> >> ------------------------------------------------------------------------------
> >> >> >> _______________________________________________
> >> >> >> enlightenment-devel mailing list
> >> >> >> enlightenment-devel@lists.sourceforge.net
> >> >> >> https://lists.sourceforge.net/lists/listinfo/enlightenment-devel
> >> >> > I honestly have no idea, but apparently Tommy[D] is able to do it
> >> >> > using the mail (I think?) module.  The only way that it's possible is
> >> >> > if ecore_con screws up internally, and as far as I can tell that
> >> >> > doesn't seem possible either.
> >> >> >
> >> >>
> >> >> But it's happening. Maybe some wrong pointer arithmetic that
> >> >> doesn't properly take into account 64-bit sizes?
> >> > This member is just a simple int though, pointer math shouldn't matter.
> >> >>
> >>
> >> But how you account for written stuff could. I didn't check that code,
> >> but it does look like something else is wrong if you get a negative count.
> >>
> >> >> > --
> >> >> > Mike Blumenkrantz
> >> >> > Zentific: We run the three-legged race individually.
> >> >> >
> >> >
> >> >
> >> > --
> >> > Mike Blumenkrantz
> >> > Zentific: We run the three-legged race individually.
> >> >
> > All it does is subtract the current offset from the total length.  The
> > problem is when the difference is negative.  No clue how that can happen
> > though.
> >
> 
> The offset being larger than the full length is one way. How can that happen?
> I guess that successfully writing more than needed (some math error somewhere
> else) or a wrong error checking done that ends up increasing the current
> offset more than it should.
> Or something is taking a dump over someone else's memory and nothing makes
> sense anymore.
> 
> > --
> > Mike Blumenkrantz
> > Zentific: We run the three-legged race individually.
> >
I blame cedric.

-- 
Mike Blumenkrantz
Zentific: We run the three-legged race individually.
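
The accounting failure guessed at in the quoted reply above (the offset advancing by more than was actually written), shown next to a checked version, as an added example that is not ecore_con code. `struct wbuf`, `fake_send` and the other names are hypothetical stand-ins, and the transport is constructed.

```c
#include <stdio.h>
/* Hypothetical stand-in for the two int fields discussed in the thread. */
struct wbuf { int size; int offset; };
enum wstate { W_EMPTY, W_PENDING, W_CORRUPT };

/* Classify the buffer instead of folding "negative" into "nothing to do". */
static enum wstate wbuf_state(const struct wbuf *b)
{
    if (b->size < 0 || b->offset < 0 || b->offset > b->size) return W_CORRUPT;
    return b->offset == b->size ? W_EMPTY : W_PENDING;
}

/* Constructed transport: accepts at most cap bytes per call (a short write). */
static int fake_send(int want, int cap) { return want < cap ? want : cap; }

/* Faulty: requests a fixed chunk and advances by it, ignoring the result. */
static void advance_unchecked(struct wbuf *b, int chunk, int cap)
{
    (void)fake_send(chunk, cap);
    b->offset += chunk;
}

/* Checked: clamp the request, advance only by a count within [0, want]. */
static int advance_checked(struct wbuf *b, int chunk, int cap)
{
    if (chunk <= 0 || wbuf_state(b) != W_PENDING) return -1;
    int num = b->size - b->offset;
    int want = chunk < num ? chunk : num;
    int n = fake_send(want, cap);
    if (n < 0 || n > want) return -1;
    b->offset += n;
    return 0;
}

/* Drain a buffer with either variant; return size - offset at the end. */
static int drain(int size, int chunk, int cap, int checked)
{
    struct wbuf b = { size, 0 };
    while (wbuf_state(&b) == W_PENDING) {
        if (!checked) advance_unchecked(&b, chunk, cap);
        else if (advance_checked(&b, chunk, cap) < 0) break;
    }
    return b.size - b.offset;
}

int main(void)
{
    printf("unchecked=%d checked=%d\n", drain(10, 4, 3, 0), drain(10, 4, 3, 1));
    return 0;
}
```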
