On Sun, Feb 19, 2006 at 02:01:08PM -0500, Phil Longstaff wrote: > On February 19, 2006 06:43 pm, Derek Atkins wrote: > > Phil Longstaff <[EMAIL PROTECTED]> writes: > > > The attached patch replaces the const 16 with GUID_DATA_SIZE, only > > > compares the guid data, not the other field in the struct, and removes > > > the use of the dirent structure in md5 calculation. > > > > I've applied everything but the part to remove the dirent/md5 call. > > We shouldn't reduce our entropy. We should just add a valgrind > > suppression for that particular issue. > > > > -derek > > No problem. I wasn't happy with it anyway. I'm more concerned about the > read > after the end of a malloc'ed area than about the uninitialized memory. I'll > figure out a patch for the valgrind suppressions and send in a patch.
Been there, done that. The problem with using valgrind suppressions for this is that you'd need a supression for every codepath that jumps on a guid read, like every instance of a ghashtable that uses guid keys and every place we store a guid and later compare with it. I think it's better just to use the valid portion of the dirent. Something like: md5_process_bytes(de, strlen(de->d_name), &guid_context); total += strlen(de->d_name); -chris _______________________________________________ gnucash-devel mailing list [email protected] https://lists.gnucash.org/mailman/listinfo/gnucash-devel
