Re: patch: libXt-1.0.8 fix possible array overflow

2010-09-24 Thread Jeremy Huddleston
On Sep 23, 2010, at 11:37, walter harms wrote: Pat Kane wrote: In the original code if 'i' is equal to 10 then the line (void) memmove((char*)par, (char*)params, i * sizeof(String) ); moves ten things, which is okay. The next line: bzero( par[i], (10-i) * sizeof(String) );

Re: patch: libXt-1.0.8 fix possible array overflow

2010-09-23 Thread walter harms
Barry Scott wrote: On Wednesday 22 September 2010 08:18:21 walter harms wrote: hi List, the code checks the upper limit to 10 while the upper limit is actually 9. You could use (sizeof( par )/sizeof( String ))-1 to make the code robust against a change to the size of par. yep, I could

Re: patch: libXt-1.0.8 fix possible array overflow

2010-09-23 Thread Jeremy Huddleston
As I had mentioned earlier, there actually is no overflow because the code cannot reach that point if *num_params is 0. On Sep 23, 2010, at 09:26, walter harms wrote: Barry Scott wrote: On Wednesday 22 September 2010 08:18:21 walter harms wrote: hi List, the code checks the upper limit

Re: patch: libXt-1.0.8 fix possible array overflow

2010-09-23 Thread Pat Kane
In the original code if 'i' is equal to 10 then the line (void) memmove((char*)par, (char*)params, i * sizeof(String) ); moves ten things, which is okay. The next line: bzero( par[i], (10-i) * sizeof(String) ); moves zero things to a bad address, which is probably okay, but I bet some code

Re: patch: libXt-1.0.8 fix possible array overflow

2010-09-23 Thread walter harms
Pat Kane wrote: In the original code if 'i' is equal to 10 then the line (void) memmove((char*)par, (char*)params, i * sizeof(String) ); moves ten things, which is okay. The next line: bzero( par[i], (10-i) * sizeof(String) ); moves zero things to a bad address, which is probably

Re: patch: libXt-1.0.8 fix possible array overflow

2010-09-23 Thread Pat Kane
setting the limit to i=9 would fix that. But then the line (void) memmove((char*)par, (char*)params, i * sizeof(String) ); would be wrong since it would move nine instead of ten things.

patch: libXt-1.0.8 fix possible array overflow

2010-09-22 Thread walter harms
hi List, the code checks the upper limit to 10 while the upper limit is actually 9. re, wh --- libXt-1.0.8/src/Error.c.org 2010-09-21 23:23:00.0 +0200 +++ libXt-1.0.8/src/Error.c 2010-09-21 23:24:03.0 +0200 @@ -257,7 +257,7 @@ */ Cardinal i =