[Sent this to the OP rather than the list. I'm sure there's a compelling reason for not setting Reply-to to the list, but it's damn annoying all the same.]

> From: Michael Wojcik
> Sent: Wednesday, May 14, 2003 10:14 AM
> To: 'David R. Piegdon'
> Subject: RE: partial analysis of vulndev-1.c
>
>
> > From: David R. Piegdon [mailto:fleshyCPUat_private]
> > Sent: Tuesday, May 13, 2003 2:35 PM
>
> > first thing :)
> > as far as i know, in PLAIN C a function call is not allowed
> > during the definition of a variable
> > { char *buf1 = malloc(SIZE); }
> > but in C++, it is allowed.
>
> It's permitted in C as well, since at least the 1989 ANSI C
> standard, for variables with automatic storage. See e.g. ISO
> 9899-1990 6.5.7.
>
> > [1] { strncpy(buf2, p2, SIZE); }
> > and
> > [2] { for (i = 0; i <= SIZE && p1[i] != '\0'; i++) buf1[i]
> > = p1[i]; }
> >
> > it is obvious that [1] will always copy SIZE chars.
>
> Not if strlen(p2) is well-defined and < SIZE.
>
> > 2. a buffer overflow, if strlen(p1) >= SIZE.
> > actually my gcc-compiled version does not catch this one with
> > a SIGSEGV, but i don't know why.
>
> Don't count on receiving SIGSEGV just because you overrun a
> buffer. Typical virtual-memory architecture operates on
> chunks of memory called "pages"; 4KB is a typical page size.
> The program won't cause a violation unless it tries to touch
> a page it doesn't own. In this case, you overran the buffer,
> but not far enough to get to a page you hadn't allocated.
>
> Michael Wojcik
> Principal Software Systems Developer, Micro Focus
>
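The page-granularity point in the reply above is easy to see for yourself. The program below is an added example for this archive page, not code from either poster or from vulndev-1.c. It maps one writable page followed by a PROT_NONE guard page, places a SIZE-byte buffer near the end of the writable page, and then writes a single byte at a chosen distance past the buffer's end, with a SIGSEGV/SIGBUS handler that siglongjmps back so the process can report what happened instead of dying. A write a byte or a few bytes past the end (the kind of overrun the quoted for loop produces) lands in memory the process still owns and raises nothing; only a write that reaches the next, unowned page faults. SIZE, the guard-page layout and the probe function are assumptions made for this demonstration; it assumes a POSIX system with mmap/mprotect and a page size of at least 4 KiB.

```c
/* Added example: why a small heap overrun need not raise SIGSEGV.
 * Assumes POSIX mmap/mprotect/sigaction and a page size >= 4 KiB. */
#define _GNU_SOURCE 1
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define SIZE 64 /* assumed buffer size, same role as SIZE in the quoted snippet */

static sigjmp_buf fault_env;
static volatile sig_atomic_t fault_seen;

/* Fault handler: note the fault and jump back into probe_write(). */
static void on_fault(int sig)
{
    (void)sig;
    fault_seen = 1;
    siglongjmp(fault_env, 1);
}

/* Write one byte at p. Returns 1 if the write raised SIGSEGV (or SIGBUS,
 * which some platforms use for the same condition), 0 if it completed. */
int probe_write(volatile char *p)
{
    struct sigaction sa, old_segv, old_bus;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);

    fault_seen = 0;
    if (sigsetjmp(fault_env, 1) == 0) /* saves the signal mask too */
        *p = 'A';                     /* either returns normally or faults */

    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return fault_seen;
}

/* Map two pages: the first writable, the second PROT_NONE (a guard page).
 * Returns the writable page, or NULL on failure. */
static char *map_page_with_guard(size_t page)
{
    char *base = mmap(NULL, 2 * page, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED)
        return NULL;
    if (mprotect(base + page, page, PROT_NONE) != 0) {
        munmap(base, 2 * page);
        return NULL;
    }
    return base;
}

/* Place a SIZE-byte buffer so that it ends SIZE bytes before the guard
 * page, then write one byte `distance` bytes past its end.
 * Returns 1 if the write faulted, 0 if it silently landed in memory the
 * process still owns (distance < SIZE), -1 if setup failed. */
int write_past_end_faults(size_t distance)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    char *base = map_page_with_guard(page);
    if (base == NULL)
        return -1;
    char *buf = base + page - 2 * SIZE; /* buf[0..SIZE-1] is the buffer */
    int faulted = probe_write(buf + SIZE + distance);
    munmap(base, 2 * page);
    return faulted;
}

int main(void)
{
    printf("page size: %ld bytes\n", sysconf(_SC_PAGESIZE));
    printf("1 byte past end:            %s\n",
           write_past_end_faults(1) == 1 ? "SIGSEGV" : "no fault");
    printf("%d bytes past end (next page): %s\n", SIZE,
           write_past_end_faults(SIZE) == 1 ? "SIGSEGV" : "no fault");
    return 0;
}
```

With a real malloc'd buffer the distance to the next unmapped page is not under your control, which is exactly why the original poster saw no signal: the overrun corrupted neighbouring heap data silently. The guard-page layout here is the same idea that tools such as Electric Fence use to turn that silent corruption into an immediate fault.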
This archive was generated by hypermail 2b30 : Wed May 14 2003 - 09:21:19 PDT