From: Patrick Lam (plam@plam.lcs.mit.edu)
Date: Wed Aug 20 2003 - 01:18:25 EDT
fix memory error (thanks valgrind!) making up part of 5506
Modified Files: src/af/util/xp/ut_growbuf.cpp

For those of you who are keeping score at home, here's what happened.

ut_growbuf represents a buffer, which has m_iSize and m_iSpace fields,
because it allocates memory in chunks larger than the actual size of the
buffer being used.

You can call the ::ins method to insert extra length into the buffer.
However, ::ins could be tricked into writing past the end of the buffer
in the following situation.

    m_iSize = 1024, m_iSpace = 2048
    ::ins(position = 1536, length = 1024)

The old check for ::ins just verified that there was enough free space
(and there is, since 2048-1024 = 1024), but this doesn't work when you
insert past the end of the buffer. Now we zero-fill the gap.

There might still be a problem in the calling code, if it's allocating
past the end of the array (fl_CharWidths::ins). I'll take a peek at it.

pat
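
The scenario from this message, as an added example that is not part of the original post and is not AbiWord's code: `GrowBuf`, `oldCheckAccepts`, `scenario` and the 1024-element chunk size are hypothetical. It shows a free-space-only check accepting the insert, next to an insert that sizes the buffer for the gap and zero-fills it.

```cpp
#include <algorithm>
#include <cstddef>
#include <limits>
#include <vector>

// Hypothetical stand-in for a chunked grow buffer; NOT AbiWord's UT_GrowBuf.
struct GrowBuf {
    std::vector<unsigned> store;  // store.size() plays the role of m_iSpace
    std::size_t size = 0;         // plays the role of m_iSize
    std::size_t chunk = 1024;     // allocation granularity (assumed value)

    // The check as the message describes it: free space versus length only.
    bool oldCheckAccepts(std::size_t len) const {
        return store.size() - size >= len;
    }

    // Hardened insert: sizes the buffer from max(pos, size), not from size alone.
    bool ins(std::size_t pos, const unsigned* src, std::size_t len) {
        const std::size_t base = std::max(pos, size);
        if (base > store.max_size() || len > store.max_size() - base) return false;
        const std::size_t newSize = base + len;
        if (newSize > store.size())
            store.resize((newSize + chunk - 1) / chunk * chunk);
        if (pos > size)  // zero-fill the gap: spare capacity may hold stale data
            std::fill(store.begin() + size, store.begin() + pos, 0u);
        else             // ordinary insert: shift the tail right by len
            std::copy_backward(store.begin() + pos, store.begin() + size,
                               store.begin() + size + len);
        std::copy(src, src + len, store.begin() + pos);
        size = newSize;
        return true;
    }
};

// The message's state: m_iSize = 1024, m_iSpace = 2048.
GrowBuf scenario() {
    GrowBuf b;
    b.store.assign(2048, 0xFFu);  // constructed stale contents
    b.size = 1024;
    return b;
}

int main() {
    GrowBuf b = scenario();
    std::vector<unsigned> data(1024, 7u);  // constructed payload
    bool ok = b.ins(1536, data.data(), data.size());
    return ok && b.size == 2560 ? 0 : 1;
}
```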