Re: [ft] Possible issue in FreeType


From: Jan Engelhardt
Subject: Re: [ft] Possible issue in FreeType
Date: Thu, 28 May 2015 10:09:48 +0200 (CEST)
User-agent: Alpine 2.20 (LSU 67 2015-01-07)

On Thursday 2015-05-28 05:43, J Decker wrote:
>      Version: 2.5.5
>      File src/tools/apinames.c
>      Function: static void names_dump(...)
>      Line: ~186
>
>      In the case that the process flow executes code inside the "if"
>      statement at line 170: "if ( dot != NULL )", there is a line of code
>      where "dll_name" points to a local variable "temp" which becomes invalid
>      outside "if" block. So in the next [=following] for loop "dll_name"
>      variable could point to an invalid memory segment.
>
>According to the standards, it should be invalid.  I have never seen a
>compiler that actually over-uses stack variables;

The standard is reason alone to fix it. A compiler may add
instructions to write poison codes there (think ASAN/UBSAN, and
possibly the valgrind interpreter).

>Stack space for variables is also only allocated at the subroutine
>prefix code and deallocated at the suffix....

That is a false statement. gcc expands the stack in the middle - it
has to - in case of dynamically-sized reservations on automatic
storage. (VLAs, alloca, ...)

>BUT; I also wouldn't trust that, and would recommend moving the declaration
>of the temp variable up a code block (where const char * dot is declared)
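The scope problem the thread describes, as an added C example that is not FreeType's src/tools/apinames.c: a pointer is assigned inside an "if" block to a buffer whose lifetime ends at that block's closing brace, and then read in the loop that follows. The buggy shape is kept only as a comment so nothing here executes undefined behaviour; the function below is the fix both posters suggest, hoisting the declaration of the temporary buffer up to the block where "dot" is declared. The function name dump_names_fixed, the constant NAME_BUF_SIZE, the "lib:symbol" output format and the sample symbol names are assumptions for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical upper bound on a library name; not a FreeType constant. */
#define NAME_BUF_SIZE 64

/*
 * Buggy shape (shown as a comment only):
 *
 *   const char *dll_name = lib;
 *   const char *dot = strchr(lib, '.');
 *   if (dot != NULL) {
 *       char temp[NAME_BUF_SIZE];   // storage duration ends at the closing brace
 *       ... copy lib up to dot into temp ...
 *       dll_name = temp;            // pointer to a block-local array escapes the block
 *   }
 *   for (...)
 *       printf("%s %s\n", dll_name, ...);   // read through a dangling pointer
 *
 * The standard makes that read undefined; -fsanitize=address reports it as a
 * stack-use-after-scope error.
 */

/*
 * Fixed shape: 'temp' is declared in the same block as 'dot', so it is alive
 * for every use of dll_name in this function. Writes "<dll_name>:<symbol>\n"
 * per entry into 'out' and returns the number of entries written.
 */
int dump_names_fixed(const char *lib, const char *const *names, int count,
                     char *out, size_t outlen)
{
    char temp[NAME_BUF_SIZE];          /* hoisted: same scope as 'dot' */
    const char *dll_name = lib;
    const char *dot = strchr(lib, '.');
    size_t used = 0;
    int i;

    if (dot != NULL) {
        size_t len = (size_t)(dot - lib);
        if (len >= sizeof temp)        /* keep long names from overflowing temp */
            len = sizeof temp - 1;
        memcpy(temp, lib, len);
        temp[len] = '\0';
        dll_name = temp;               /* still valid after this block */
    }

    for (i = 0; i < count; i++) {
        int n = snprintf(out + used, outlen - used, "%s:%s\n", dll_name, names[i]);
        if (n < 0 || (size_t)n >= outlen - used)
            break;                     /* output buffer full: stop, do not truncate silently */
        used += (size_t)n;
    }
    return i;
}

int main(void)
{
    /* Constructed sample input, not taken from a real apinames run. */
    static const char *const names[] = { "FT_Init_FreeType", "FT_Done_FreeType" };
    char out[256];
    int n = dump_names_fixed("freetype.dll", names, 2, out, sizeof out);

    printf("%d entries:\n%s", n, out);
    return 0;
}
```

Building the commented-out form with `-fsanitize=address` is the quickest way to confirm that a compiler really does poison the block-local storage, which is the point made above about ASAN: the fact that a particular build happens to keep the bytes intact is not something the code may rely on.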
