Mark,

Thanks. It seems quite evident. I will try to set up a scenario to catch it with valgrind though. Do you think it would be easy? I believe you deem it unnecessary, right?

Thanks,
Antonio

> On 3 Jul 2017, at 9:09, Mark Hermeling <mhermel...@grammatech.com> wrote:
>
> Antonio,
>
> That is certainly true once the modification that I proposed is applied. You
> need to allocate the space of the string, plus one character for the EOL.
> However, with the current code you allocate enough memory for the string and
> then move the pointer one character to the right. It is a simple typo, the
> brackets are placed incorrectly.
>
> Regards,
> Mark
>
> --
> Sent from my phone, please excuse any typos.
>
>> On Jul 3, 2017, at 00:14, Antonio Ceballos <acebal...@gmail.com> wrote:
>>
>> Hi Mark,
>>
>> Thanks for finding this potential bug and for providing a fix. However, how
>> would you reply to the comment that is written right before the line you
>> mentioned (I am not the author):
>>
>> /* This doesn't have buffer overflow vulnerabilities, because
>>    we always allocate for enough space before appending. */
>>
>> Thanks,
>> Antonio Ceballos
>>
>>> On Fri, Jun 30, 2017 at 2:20 PM, Mark Hermeling <mhermel...@grammatech.com>
>>> wrote:
>>> Hello,
>>>
>>> There is a buffer overrun in return_append_str in src/frontend/lexpgn.cc at
>>> line 2224
>>>     newloc = (char *) malloc(strlen(s))+1;
>>>
>>> The line should read:
>>>     newloc = (char *) malloc(strlen(s)+1);
>>>
>>> We found this using static analysis using CodeSonar. I don’t have an actual
>>> path that will demonstrate this bug.
>>>
>>> Regards,
>>> Mark
>>>
>>> —
>>> Mark Hermeling | GrammaTech | Senior Director Product Marketing
>>> mobile +1 (607) 351-5719 | www.grammatech.com
>>>
>>> _______________________________________________
>>> Bug-gnu-chess mailing list
>>> Bug-gnu-chess@gnu.org
>>> https://lists.gnu.org/mailman/listinfo/bug-gnu-chess
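The two allocation expressions quoted in this thread, as an added example that is not part of the original messages or of the GNU Chess source: a guarded arena stands in for malloc so the out-of-bounds bytes can be counted without undefined behaviour. The helper names, the `strcpy` that follows the allocation, and the sample string are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define GUARD  8      /* canary bytes placed right after the "heap block" */
#define CANARY 0xA5

/* Constructed stand-in for malloc: hands out the first n bytes of arena and
   fills the GUARD bytes that follow with a canary. Inputs must be short. */
static unsigned char arena[256];
static char *guarded_alloc(size_t n) {
    memset(arena, 0, sizeof arena);
    memset(arena + n, CANARY, GUARD);
    return (char *) arena;
}

/* Count canary bytes overwritten past a block of n bytes. */
static int clobbered(size_t n) {
    int count = 0;
    for (size_t i = 0; i < GUARD; i++)
        if (arena[n + i] != CANARY) count++;
    return count;
}

/* Reported pattern: strlen(s) bytes requested, returned pointer moved by 1. */
int overrun_reported(const char *s) {
    size_t n = strlen(s);
    char *newloc = (char *) guarded_alloc(n)+1;
    strcpy(newloc, s);   /* assumed follow-up copy, not shown in the thread */
    return clobbered(n);
}

/* Proposed fix: strlen(s)+1 bytes requested, pointer left unchanged. */
int overrun_fixed(const char *s) {
    size_t n = strlen(s)+1;
    char *newloc = (char *) guarded_alloc(n);
    strcpy(newloc, s);
    return clobbered(n);
}

int main(void) {
    const char *s = "e4 e5 Nf3";   /* constructed sample input */
    printf("reported: %d byte(s) past the block\n", overrun_reported(s));
    printf("fixed:    %d byte(s) past the block\n", overrun_fixed(s));
    return 0;
}
```

On a real heap block, the same write is what valgrind's memcheck flags as an invalid write past the end of the allocation. The shifted pointer is also not the address malloc returned, so passing it to `free` later is invalid as well.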