On Wed, 2003-03-05 at 16:11, Martin Pool wrote:
> I was thinking about Andrew's fstring-overflow patch from a few weeks
> ago: for developer builds, it touches the last byte of a string buffer
> to check that it's as long as it should be.  
> 
> This should be reasonably helpful in catching string overflows on the
> heap, but not so good on the stack, because the program can probably
> write arbitrarily far past stack variables without trapping, even
> under Valgrind.  Writing a \0 in there will damage *something* and
> probably make the program crash, but it won't be very obvious.  I
> think this might have been what Jerry saw the other day.
> 
> I think this patch is better: it thoroughly clobbers the contents of
> string buffers to make any fstring/pstring/dynamic confusion obvious.
> 
> Here is an example that is caught in developer builds with this patch,
> but is hard to catch otherwise:
> 
> #include "includes.h"
> 
> int main(void)
> {
>       fstring dest;
> 
>       pstrcpy(dest, "hello");
> 
>       return 0;
> }
> 
> This fails with an obvious message under gdb:
> 
> #0  0xf1f1f1f1 in ?? ()
> Cannot access memory at address 0xf1f1f1f1
> 
> Please don't apply this yet because I want to see if it catches any
> bugs, but I'd love to hear comments.

This will (compared to other checks) slow things down, as we keep
filling out those pstrings, but I think it's a great idea - and will
catch bugs!

Andrew Bartlett

-- 
Andrew Bartlett                                 [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org     http://build.samba.org     http://hawkerc.net
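To make the mechanism discussed above concrete, here is an added stand-alone illustration (my own, not Martin's patch and not Samba code): a copy routine that, in developer mode, first fills the destination with 0xf1 for the length it believes the buffer has. The sizes FSTRING_LEN/PSTRING_LEN, the helper name checked_strcpy and the 0xf1 fill byte (taken from the quoted gdb output) are assumptions; the "stack frame" is simulated with one array so the demonstration itself has no undefined behaviour.

```c
#include <stdio.h>
#include <string.h>

/* Assumed sizes for Samba's fstring and pstring typedefs. */
#define FSTRING_LEN 256
#define PSTRING_LEN 1024
#define CLOBBER_BYTE 0xf1   /* fill byte, as seen in the 0xf1f1f1f1 PC */

/* Hypothetical pstrcpy-style copy. In developer mode the whole buffer is
 * clobbered for the length the *function* assumes before the copy. If the
 * caller really passed a shorter fstring, the fill spills past its end and
 * the mismatch is no longer silent. No zero-padding is done, so the fill
 * survives beyond the terminating NUL. */
static void checked_strcpy(char *dest, size_t assumed_len,
                           const char *src, int developer)
{
    size_t n = strlen(src);
    if (developer)
        memset(dest, CLOBBER_BYTE, assumed_len);
    if (n > assumed_len - 1)
        n = assumed_len - 1;
    memcpy(dest, src, n);
    dest[n] = '\0';
}

/* Simulated stack frame: the fstring is the first FSTRING_LEN bytes, the
 * rest stands in for whatever follows it (saved registers, return
 * address). Returns how many bytes past the fstring carry CLOBBER_BYTE:
 * 0 means the copy stayed inside the fstring (or the bug went unnoticed),
 * anything else is the footprint a real overrun would leave on the stack. */
static size_t spill_bytes(int developer, size_t assumed_len)
{
    unsigned char frame[PSTRING_LEN];
    size_t spilled = 0;

    memset(frame, 0, sizeof(frame));
    checked_strcpy((char *)frame, assumed_len, "hello", developer);
    for (size_t i = FSTRING_LEN; i < PSTRING_LEN; i++)
        if (frame[i] == CLOBBER_BYTE)
            spilled++;
    return spilled;
}

int main(void)
{
    printf("pstrcpy into fstring, release build:   %zu bytes spilled\n",
           spill_bytes(0, PSTRING_LEN));
    printf("pstrcpy into fstring, developer build: %zu bytes spilled\n",
           spill_bytes(1, PSTRING_LEN));
    printf("fstrcpy into fstring, developer build: %zu bytes spilled\n",
           spill_bytes(1, FSTRING_LEN));
    return 0;
}
```

The release-build case shows why the bug is hard to see: "hello" fits, nothing outside the fstring is touched. The developer-build case writes 0xf1 over everything between the fstring's end and the assumed pstring size, which on a real stack is what turns the mismatch into an immediate crash.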
