On Wed, 2003-03-05 at 16:11, Martin Pool wrote:
> I was thinking about Andrew's fstring-overflow patch from a few weeks
> ago: for developer builds, it touches the last byte of a string buffer
> to check that it's as long as it should be.
>
> This should be reasonably helpful in catching string overflows on the
> heap, but not so good on the stack, because the program can probably
> write arbitrarily far past stack variables without trapping, even
> under Valgrind. Writing a \0 in there will damage *something* and
> probably make the program crash, but it won't be very obvious. I
> think this might have been what Jerry saw the other day.
>
> I think this patch is better: it thoroughly clobbers the contents of
> string buffers to make any fstring/pstring/dynamic confusion obvious.
>
> Here is an example that is caught in developer builds with this patch,
> but is hard to catch otherwise:
>
> #include "includes.h"
>
> int main(void)
> {
>         fstring dest;
>
>         pstrcpy(dest, "hello");
>
>         return 0;
> }
>
> This fails with an obvious message under gdb:
>
> #0  0xf1f1f1f1 in ?? ()
> Cannot access memory at address 0xf1f1f1f1
>
> Please don't apply this yet because I want to see if it catches any
> bugs, but I'd love to hear comments.
This will (compared to other checks) slow things down, as we keep filling
out those pstrings, but I think it's a great idea - and will catch bugs!

Andrew Bartlett

--
Andrew Bartlett                                 [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org     http://build.samba.org     http://hawkerc.net
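To make the failure mode in Martin's example concrete, here is an added C example that is not code from the thread or from Samba. It models the developer-build clobber on memory the program owns: a char array stands in for a stack frame, with an fstring-sized region followed by an 8-byte sentinel that plays the part of whatever sits next to the buffer in a real frame (such as a saved return address). The names clobber_region, checked_strcpy and simulate_copy, the 256/1024 sizes, and the assumption that fstrcpy/pstrcpy pass sizeof(buffer)-1 as the limit are all assumptions made for this illustration. Copying with the fstring limit leaves the sentinel alone; copying with the pstring limit into an fstring-sized region overwrites it with 0xf1 bytes, which is exactly why gdb reported a jump to 0xf1f1f1f1.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed sizes for this illustration (Samba's fstring/pstring are fixed-size
   char arrays; the thread does not state the exact values). */
#define FSTRING_LEN 256
#define PSTRING_LEN 1024
#define CLOBBER_BYTE 0xf1

/* The patch's idea: in developer builds, fill the whole destination region with
   0xf1 before copying, so any byte the copy should not have touched, and any
   pointer later loaded from it, reads as an obvious 0xf1f1f1f1. */
static void clobber_region(char *dest, size_t len)
{
    memset(dest, CLOBBER_BYTE, len);
}

/* Hypothetical bounded copy modelled on that behaviour: it clobbers
   maxlength+1 bytes (the full buffer it believes it owns), then copies at
   most maxlength characters and NUL-terminates. fstrcpy/pstrcpy are assumed
   here to call this with maxlength = sizeof(buffer) - 1. */
static char *checked_strcpy(char *dest, const char *src, size_t maxlength)
{
    size_t n = strlen(src);

    clobber_region(dest, maxlength + 1);
    if (n > maxlength)
        n = maxlength;
    memcpy(dest, src, n);
    dest[n] = '\0';
    return dest;
}

/* Stand-in for a stack frame, kept in one char array so every write below
   stays inside memory we own: an fstring, then an 8-byte sentinel in the role
   of whatever follows it in a real frame (a saved return address, say), then
   enough spill space to absorb a full pstring-sized clobber. */
#define SENTINEL_OFF FSTRING_LEN
#define ARENA_LEN (FSTRING_LEN + sizeof(uint64_t) + PSTRING_LEN)

static const uint64_t SENTINEL = 0x1122334455667788ULL;

struct copy_result {
    uint64_t sentinel;   /* value of the sentinel after the copy */
    int text_intact;     /* 1 if the fstring holds src as a NUL-terminated string */
};

/* Simulate "fstring dest; xxxstrcpy(dest, src)" with the given maxlength and
   report what happened to the memory just past the fstring. */
static struct copy_result simulate_copy(const char *src, size_t maxlength)
{
    unsigned char arena[ARENA_LEN];
    struct copy_result r;

    memset(arena, 0, sizeof arena);
    memcpy(arena + SENTINEL_OFF, &SENTINEL, sizeof SENTINEL);

    checked_strcpy((char *)arena, src, maxlength);

    memcpy(&r.sentinel, arena + SENTINEL_OFF, sizeof r.sentinel);
    r.text_intact = strcmp((const char *)arena, src) == 0;
    return r;
}

int main(void)
{
    /* fstrcpy into an fstring: only the 256 bytes of dest are clobbered. */
    struct copy_result ok = simulate_copy("hello", FSTRING_LEN - 1);
    /* pstrcpy into an fstring (the bug from the thread): 1024 bytes are
       clobbered, 768 of them past the end of dest. */
    struct copy_result bad = simulate_copy("hello", PSTRING_LEN - 1);

    printf("fstrcpy: sentinel %016llx, text %s\n",
           (unsigned long long)ok.sentinel, ok.text_intact ? "ok" : "lost");
    printf("pstrcpy: sentinel %016llx, text %s\n",
           (unsigned long long)bad.sentinel, bad.text_intact ? "ok" : "lost");
    return 0;
}
```

Note that the copied text looks fine in both cases, which is why the bug is so hard to see without the clobber: the string "hello" is intact and nothing trips until the function returns through the overwritten sentinel. Filling the whole region with a recognisable byte turns a silent corruption into a crash at a fixed, searchable address.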