Re: VMS

Subject : Re: VMS
From : invalid (at) *nospam* invalid.invalid (Richard Kettlewell)
Groups : comp.os.linux.misc
Date : 22. Jun 2025, 15:27:22
Organization : terraraq NNTP server
Message-ID : <wwvplev3l85.fsf@LkoBDZeT.terraraq.uk>
User-Agent : Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux)
candycanearter07 <candycanearter07@candycanearter07.nomail.afraid>
writes:
> Robert Riches <spamtrap42@jacob21819.net> wrote at 03:43 this Saturday (GMT):
>> Some years ago, I heard of a bug related to use of malloc.  The code
>> had _intended_ to dynamically allocate storage for a string and the
>> terminating null byte.  It was _intended_ to do this:
>>
>>         dest = malloc(strlen(src)+1);
>>
>> Instead, a paren was misplaced:
>>
>>         dest = malloc(strlen(src))+1;
>>
>> IIUC, the next line copied the src string into the newly-
>> allocated destination.
>
> Aren't you supposed to multiply by sizeof as well?

No, because strlen already gives you the number of bytes, excluding the
0 terminator.

It’s also worth noting that in general malloc(n * sizeof something) is a
vulnerability if there’s any possibility of adversarial control over the
length ‘n’; the multiply operation can overflow size_t and lead to
allocating a lot less space than required. This isn’t particularly
relevant to strings on most platforms (because multiplying by 1 can’t
overflow) but if you are multiplying anything by a size and passing the
product to malloc or realloc, you may have a problem.

In principle the fix is to use calloc(), and your C runtime will return
an error if an overflow would occur. That said, in practice C runtimes
were still being found to get this wrong as recently as 2021 so
depending on how mainstream your target platform is, you might want to
check...

>> Those who had worked on that project longer said the bug had been
>> latent in the code for several years, most likely with alignment
>> padding masking the bug from being discovered.  Curiously, the
>> bug made itself manifest immediately upon changing from a 32-bit
>> build environment to a 64-bit build environment.
>
> I'm more surprised it didn't segfault. Any idea what caused it to not?
> I know strlen doesn't account for the terminating character, but it
> seems like it should've been TWO bytes shorter...

Segmentation faults don’t happen for all out of bounds accesses, they
happen if you access a page which isn’t mapped at all or if you don’t
have permission on that page for the operation you’re attempting. The
example discussed here would only trigger a segmentation fault if the
allocation finished at the end of a page, otherwise you’ll just read or
write padding bytes, or the header of the next allocation.

--
https://www.greenend.org.uk/rjk/
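The two points in the reply above, the strlen()+1 allocation (and the arithmetic behind the misplaced paren) and the n * sizeof overflow, as an added C example that is not part of the thread and not code from any of the posters. It assumes a GCC/Clang-style `__builtin_mul_overflow` with a portable division-based fallback; `adversarial_count()` is a constructed value chosen so that n * 16 wraps to 16, and `calloc_rejects_overflow()` just reports what the local C runtime does with that same request.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Correct form of the allocation from the thread: strlen() excludes the
 * terminator, so exactly one extra byte is needed and no sizeof multiply. */
char *dup_string(const char *src)
{
    size_t len = strlen(src);
    char *dest = malloc(len + 1);          /* the +1 belongs inside the call */
    if (dest == NULL)
        return NULL;
    memcpy(dest, src, len + 1);            /* copies the 0 terminator as well */
    return dest;
}

/* Arithmetic behind the misplaced-paren version, malloc(strlen(src))+1:
 * the block is len bytes, the copy starts 1 byte in and writes len+1 bytes,
 * so the write ends 2 bytes past the end of the block. */
size_t overrun_after_misplaced_paren(size_t len)
{
    size_t block_size = len;
    size_t write_end  = 1 + (len + 1);
    return write_end - block_size;
}

/* Naive n * sizeof: silently wraps in size_t for an adversarial n. */
size_t naive_bytes(size_t n, size_t elem)
{
    return n * elem;
}

/* Overflow-checked product; returns false instead of wrapping. */
bool checked_bytes(size_t n, size_t elem, size_t *out)
{
#if defined(__GNUC__) || defined(__clang__)
    return !__builtin_mul_overflow(n, elem, out);
#else
    if (elem != 0 && n > SIZE_MAX / elem)
        return false;
    *out = n * elem;
    return true;
#endif
}

/* malloc for n elements that refuses an oversized request instead of
 * handing back a block far smaller than the caller thinks it has. */
void *alloc_array(size_t n, size_t elem)
{
    size_t bytes;
    if (!checked_bytes(n, elem, &bytes))
        return NULL;
    return malloc(bytes);
}

/* Constructed adversarial count: n * 16 == (SIZE_MAX + 1) + 16, which
 * wraps to 16 regardless of whether size_t is 32 or 64 bits wide. */
size_t adversarial_count(void)
{
    return SIZE_MAX / 16 + 2;
}

/* Does this runtime's calloc reject the same overflow? Returns true if it
 * returned NULL (the correct behaviour), false if it handed back a block. */
bool calloc_rejects_overflow(void)
{
    void *p = calloc(adversarial_count(), 16);
    if (p != NULL) {
        free(p);
        return false;
    }
    return true;
}

int main(void)
{
    size_t n = adversarial_count();
    size_t bytes;
    printf("naive:   %zu elements * 16 -> malloc(%zu)\n", n, naive_bytes(n, 16));
    printf("checked: %s\n", checked_bytes(n, 16, &bytes) ? "ok" : "overflow rejected");
    printf("calloc:  %s\n", calloc_rejects_overflow() ? "rejected" : "ACCEPTED (broken runtime)");
    char *copy = dup_string("VMS");
    printf("copy:    \"%s\", misplaced-paren overrun = %zu bytes\n",
           copy, overrun_after_misplaced_paren(strlen("VMS")));
    free(copy);
    return 0;
}
```

The wrapped product is the part worth internalising: `naive_bytes(adversarial_count(), 16)` comes back as 16, so the program would get a 16-byte block and then index it as if it held 2^60+1 elements, while `checked_bytes` and `alloc_array` refuse the request outright. The calloc probe is the check the reply suggests you run on a less mainstream platform before relying on the runtime to do the multiplication for you.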
