Mark,

Thanks. It seems quite evident. I will try to set up a scenario to catch it 
with valgrind though. Do you think it would be easy? I believe you deem it 
unnecessary, right?

Thanks,
Antonio

> On 3 Jul 2017, at 9:09, Mark Hermeling <mhermel...@grammatech.com> 
> wrote:
> 
> Antonio,
> 
> That is certainly true once the modification that I proposed is applied. You 
> need to allocate the space of the string, plus one character for the EOL. 
> However, with the current code you allocate enough memory for the string and 
> then move the pointer one character to the right. It is a simple typo, the 
> brackets are placed incorrectly. 
> 
> Regards,
> Mark
> 
> --
> Sent from my phone, please excuse any typos. 
> 
> 
>> On Jul 3, 2017, at 00:14, Antonio Ceballos <acebal...@gmail.com> wrote:
>> 
>> Hi Mark,
>> 
>> Thanks for finding this potential bug and for providing a fix. However, how 
>> would you reply to the comment that is written right before the line you 
>> mentioned (I am not the author):
>> 
>>     /* This doesn't have buffer overflow vulnerabilities, because
>>        we always allocate for enough space before appending. */
>> 
>> Thanks,
>> Antonio Ceballos
>> 
>> 
>>> On Fri, Jun 30, 2017 at 2:20 PM, Mark Hermeling <mhermel...@grammatech.com> 
>>> wrote:
>>> Hello,
>>> 
>>> There is a buffer overrun in return_append_str in src/frontend/lexpgn.cc at 
>>> line
>>> 2224                        newloc = (char *) malloc(strlen(s))+1;
>>> 
>>> The line should read:
>>> newloc = (char *) malloc(strlen(s)+1);
>>> 
>>> We found this using static analysis using CodeSonar. I don’t have an actual 
>>> path that will demonstrate this bug.
>>> 
>>> Regards,
>>> Mark
>>> 
>>> —
>>> Mark Hermeling | GrammaTech | Senior Director Product Marketing
>>> mobile +1 (607) 351-5719 | www.grammatech.com
>>> 
>>> _______________________________________________
>>> Bug-gnu-chess mailing list
>>> Bug-gnu-chess@gnu.org
>>> https://lists.gnu.org/mailman/listinfo/bug-gnu-chess
>>> 
>> 
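
The two lines from the original report compared side by side, as an added C example that is not part of the thread or of the GNU Chess source. The helper names, the `TRIGGER_OVERRUN` macro and the sample string are assumptions made for illustration; building with `-DTRIGGER_OVERRUN` performs the short write so that Valgrind or AddressSanitizer has something to flag.

```c
/* Added example: constructed reproduction, not GNU Chess source. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Reported form, (char *) malloc(strlen(s)) + 1, split into its two steps:
   the cast binds to malloc's result, then "+ 1" is pointer arithmetic.
   *base gets the real block (the only pointer free() accepts), *room the
   bytes usable from the returned pointer. */
static char *alloc_reported(const char *s, char **base, size_t *room)
{
    size_t n = strlen(s);
    *room = 0;
    *base = (char *) malloc(n);      /* n bytes, no space for the NUL */
    if (*base == NULL) return NULL;
    *room = n ? n - 1 : 0;           /* first byte is skipped */
    return *base + 1;
}

/* Proposed form: malloc(strlen(s) + 1). */
static char *alloc_fixed(const char *s, size_t *room)
{
    *room = strlen(s) + 1;
    return (char *) malloc(*room);
}

/* Bytes a strcpy of s would write past the end of a region of size room. */
static size_t shortfall(const char *s, size_t room)
{
    size_t need = strlen(s) + 1;
    return need > room ? need - room : 0;
}

int main(void)
{
    const char *s = "e4 e5";         /* constructed sample input */
    char *base, *p, *q;
    size_t room;
    p = alloc_reported(s, &base, &room);
    if (p) printf("reported: room=%zu shortfall=%zu\n", room, shortfall(s, room));
#ifdef TRIGGER_OVERRUN               /* build with this only under a checker */
    if (p) strcpy(p, s);
#endif
    free(base);
    q = alloc_fixed(s, &room);
    printf("fixed:    room=%zu shortfall=%zu\n", room, shortfall(s, room));
    if (q) strcpy(q, s);
    free(q);
    return 0;
}
```

With the reported expression the write target is two bytes short for any non-empty string: one byte lost to the pointer offset and one for the missing terminator.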