Hiya,

This isn't at all serious; it's only in test code, but it might cause
false negatives under pathological circumstances. The code reads:

--8<--------
main()
        {
        LHASH *conf;
        char buf[256];
        int i;

        conf=lh_new(lh_strhash,strcmp);
        for (;;)
                {
                char *p;

                buf[0]='\0';
                fgets(buf,256,stdin);
                if (buf[0] == '\0') break;
                buf[256]='\0'; /* JRF: THIS IS A FAULT */
                i=strlen(buf);
                p=OPENSSL_malloc(i+1);
                memcpy(p,buf,i+1);
                lh_insert(conf,p);
                }

        lh_node_stats(conf,stdout);
        lh_stats(conf,stdout);
        lh_node_usage_stats(conf,stdout);
        exit(0);
        }
--8<--------

buf[256] cannot be referenced because it is outside the array allocated
in the automatic variables. This raises an 'array out of bounds' warning
on Norcroft C.
-- 
Gerph {djf0-.3w6e2w2.226,6q6w2q2,2.3,2m4}
URL: http://www.movspclr.co.uk/
[ All information, speculation, opinion or data within, or attached to,
  this email is private and confidential. Such content may not be
  disclosed to third parties, or a public forum, without explicit
  permission being granted. ]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
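Added example (not part of the original message and not OpenSSL code): a bounded version of the read-and-copy loop that relies on fgets() terminating the string itself, so the last index written is buf[255]. The names read_chunk, longest_chunk and BUF_LEN are hypothetical, and the input is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_LEN 256   /* same size as buf in the quoted test program */

/* Hypothetical helper: read at most cap-1 bytes and return a heap copy,
 * or NULL at EOF/error. fgets() always NUL-terminates inside
 * buf[0..cap-1], so no manual write to buf[cap] is needed. */
char *read_chunk(FILE *in, char *buf, size_t cap)
{
    size_t n;
    char *p;

    if (fgets(buf, (int)cap, in) == NULL)
        return NULL;
    n = strlen(buf);            /* n <= cap - 1 by fgets' contract */
    p = malloc(n + 1);
    if (p != NULL)
        memcpy(p, buf, n + 1);
    return p;
}

/* Constructed self-check: push len bytes of 'A' (no newline) through the
 * reader and return the longest chunk seen. guard sits directly after
 * buf in the struct; -2 is returned if its canary value was overwritten. */
long longest_chunk(size_t len)
{
    struct { char buf[BUF_LEN]; unsigned char guard; } s;
    FILE *f = tmpfile();
    long longest = 0;
    char *p;
    size_t i;

    if (f == NULL) return -1;
    s.guard = 0xA5;
    for (i = 0; i < len; i++) fputc('A', f);
    rewind(f);
    while ((p = read_chunk(f, s.buf, sizeof s.buf)) != NULL) {
        long n = (long)strlen(p);
        if (n > longest) longest = n;
        free(p);
    }
    fclose(f);
    return s.guard == 0xA5 ? longest : -2;
}

int main(void) { printf("%ld\n", longest_chunk(1000)); return 0; }
```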
