Re: [PATCH 1/7] cleanups: Fix resource leak and buffer overrun in daemon.c

From: Junio C Hamano <junkio@cox.net>
Date: 2006-04-18 07:42:45
"Serge E. Hallyn" <serue@us.ibm.com> writes:

> Address two reports from an automatic code analyzer:
>
> 1. In logreport, it is possible to write \0 one
> character past the end of buf[].

I am perhaps slower than I usually am today, but it seems to me
that the code caps msglen to (maxlen-1) and then adds that to
buflen.

Now, maxlen is (sizeof(buf)-buflen-1), so that means after
the "buflen += msglen" happens, buflen is at most:

	buflen + (sizeof(buf)-buflen-1) - 1
	= sizeof(buf) - 2

And then "buf[buflen++] = '\n'; buf[buflen] = '\0'" happens.
'\n' is written at sizeof(buf)-2 (or lower index than that) and
'\0' is written at sizeof(buf)-1 (or lower).  I am unsure how it
steps beyond the end...

> 2. In socksetup, socklist can be leaked when returning
> if set_reuse_addr().  Note: dunno why this case returns...

I am not sure why this part returns either.  It appears to me
that it should just keep going just like the cases where
bind/listen fails.

-
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Received on Tue Apr 18 07:43:21 2006

This archive was generated by hypermail 2.1.8 : 2006-04-18 07:47:07 EST
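As an added illustration of the bounds arithmetic traced in the reply above (this is example code written for this page, not daemon.c and not code from either poster): a small C model that applies the same cap (maxlen = sizeof(buf) - buflen - 1, msglen capped at maxlen - 1, then '\n' and '\0' appended) and places a canary byte just past the logical buffer to confirm where the two trailing bytes land. BUFSZ, the "[pid] " prefix, the pid value and the message strings are assumptions made for the demo.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Logical buffer size for the model; daemon.c's real size is not shown on
 * this page, so 32 is an assumption chosen to make truncation easy to hit. */
#define BUFSZ 32

/* Model of the quoted bounds logic: write a "[pid] " prefix, format the
 * message into the remaining space, cap its length, then append '\n' and
 * '\0'.  Returns the index at which the '\0' was written.  buf must hold at
 * least bufsz bytes; the model assumes the prefix itself fits in bufsz. */
size_t model_logreport(char *buf, size_t bufsz, long pid, const char *fmt, ...)
{
    size_t buflen = (size_t)snprintf(buf, bufsz, "[%ld] ", pid);
    int maxlen = (int)bufsz - (int)buflen - 1;   /* -1 reserves the '\n' */
    va_list ap;
    int msglen;

    va_start(ap, fmt);
    msglen = vsnprintf(buf + buflen, (size_t)maxlen, fmt, ap); /* may return > maxlen */
    va_end(ap);

    /* vsnprintf itself used at most maxlen-1 characters plus its own NUL,
     * so cap msglen there to keep room for '\n' and the final '\0'. */
    if (msglen > maxlen - 1)
        msglen = maxlen - 1;
    else if (msglen < 0)
        msglen = 0;
    buflen += (size_t)msglen;                     /* at most bufsz - 2 */

    buf[buflen++] = '\n';                         /* index <= bufsz - 2 */
    buf[buflen] = '\0';                           /* index <= bufsz - 1 */
    return buflen;
}

/* Runs the model against a BUFSZ-byte logical buffer with one extra canary
 * byte at buf[BUFSZ].  Returns the index of the '\0', -1 if the canary was
 * clobbered (a real overrun), or -2 if '\n'/'\0' are not where expected. */
int nul_index_for(const char *msg)
{
    char buf[BUFSZ + 1];
    size_t n;

    memset(buf, 'X', sizeof buf);                 /* 'X' is the canary value */
    n = model_logreport(buf, BUFSZ, 4242L, "%s", msg);  /* pid 4242 is made up */

    if (buf[BUFSZ] != 'X')
        return -1;                                /* wrote past the logical buffer */
    if (n >= BUFSZ || buf[n] != '\0' || buf[n - 1] != '\n')
        return -2;
    return (int)n;
}

int main(void)
{
    char longmsg[128];
    memset(longmsg, 'A', sizeof longmsg - 1);
    longmsg[sizeof longmsg - 1] = '\0';

    /* Short message: "[4242] hi\n" -> '\n' at 9, '\0' at 10. */
    printf("short: '\\0' at index %d\n", nul_index_for("hi"));
    /* Oversized message: truncated so '\n' lands at BUFSZ-2 and '\0' at BUFSZ-1. */
    printf("long:  '\\0' at index %d (BUFSZ-1 = %d)\n", nul_index_for(longmsg), BUFSZ - 1);
    return 0;
}
```

The worst case is the 127-byte message: vsnprintf fills the 24 bytes it was offered (23 characters plus its own NUL), the cap brings msglen back to 23, and the two trailing writes land at indices 30 and 31 of a 32-byte buffer, exactly the sizeof(buf)-2 and sizeof(buf)-1 worked out in the reply. The canary at index 32 is untouched.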