Follow-up Comment #2, patch #6719 (project pspp):

'4. It looks to me as if interaction_value_create is going to cause a buffer
overflow. result->strings has a width of MAX_SHORT_STRING but you are writing
to it MAX_SHORT_STRING * n_vars bytes + 1 bytes.'

I fixed the other problems, but I'm not sure about this one. The obvious way
to handle it is to do this:

    result->strings = value_create (n_vars * MAX_SHORT_STRING + 1);

but that seems like a bad idea because result->strings is a union value *,
whose 's' member has a size of only MAX_SHORT_STRING. So what should I do? I
need a union value *, but with more space to hold the string.



    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/patch/?6719>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/
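
One way to avoid the overflow discussed above, as an added example that is not part of the original message or of PSPP's code: keep the concatenated text in its own heap buffer sized for n_vars fields, with the size computation and every write bounds-checked. The struct and function names are hypothetical, and the MAX_SHORT_STRING value of 8 and the space padding are assumptions.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_SHORT_STRING 8   /* assumed width of one short string field */

/* Hypothetical container: the joined text lives in its own allocation
   instead of inside a fixed-width union member. */
struct interaction_text {
  size_t n_vars;   /* number of fixed-width fields */
  size_t cap;      /* bytes allocated, including the trailing NUL */
  char *buf;
};

/* Allocate n_vars fields plus a NUL.  Returns NULL if the size
   computation would wrap or if allocation fails. */
struct interaction_text *interaction_text_create (size_t n_vars)
{
  if (n_vars == 0 || n_vars > (SIZE_MAX - 1) / MAX_SHORT_STRING)
    return NULL;
  struct interaction_text *t = malloc (sizeof *t);
  if (t == NULL) return NULL;
  t->n_vars = n_vars;
  t->cap = n_vars * MAX_SHORT_STRING + 1;
  t->buf = malloc (t->cap);
  if (t->buf == NULL) { free (t); return NULL; }
  memset (t->buf, ' ', t->cap - 1);   /* space padding is an assumption */
  t->buf[t->cap - 1] = '\0';
  return t;
}

/* Copy src into the slot for variable idx.  Returns 0 on success,
   -1 if idx is out of range or src is wider than one field. */
int interaction_text_set (struct interaction_text *t, size_t idx,
                          const char *src, size_t src_len)
{
  if (t == NULL || src == NULL || idx >= t->n_vars
      || src_len > MAX_SHORT_STRING)
    return -1;
  char *slot = t->buf + idx * MAX_SHORT_STRING;
  memset (slot, ' ', MAX_SHORT_STRING);
  memcpy (slot, src, src_len);
  return 0;
}

void interaction_text_destroy (struct interaction_text *t)
{
  if (t != NULL) { free (t->buf); free (t); }
}
```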



