[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Monotone-devel] popt buggy
|
From: |
Richard Levitte - VMS Whacker |
|
Subject: |
Re: [Monotone-devel] popt buggy |
|
Date: |
Sat, 02 Apr 2005 10:35:33 +0200 (CEST) |
In message <address@hidden> on Fri, 01 Apr 2005 22:35:26 -0500, Jeremy Cowgar
<address@hidden> said:
jeremy> > after all the problems that appeared with -@, with all kind
jeremy> > of garbage being thrown in your face, memory errors and
jeremy> > stuff, and discussions on IRC, I took a good look at popt
jeremy> > (Debian, 1.7-5). Lo and behold, I found a nasty bug!
jeremy>
jeremy> Great! Glad you found the problem.
I've found more... It seems like the leftovers array is allocated
only once, when poptGetContext(), and is sizes according to the argv
passed then. After that, it's happily and merrily being added to,
with no regard whatsoever for the actual size of the original
allocation.
As long as poptStuffArgs() isn't used, that's fine, there's enough
space to take the whole original argv. However, when more arguments
are added, suddenly there's a potential buffer overflow. And when you
use -@ with a file that contains some 20 to 30 revision IDs, BOY does
it flow over!
What happens is that the next array allocated in memory (it so happens
to be another field in the popt context structure, finalArgv) gets
entirely trashed, and if you're unlucky, the memory allocation meta
data as well. Since we have no use for that array, the symptoms don't
start to show before one of leftovers and finalArgv is freed. That's
when all hell breaks loose.
I'll create a fix for that problem as well, and at this point, I think
it would be smart for us to included popt in our sources, just like
Nathaniel said. I may need some help with that integration, but
that'll probably be another IRC session after the weekend (I'm
spending the weekend with my lady, so there won't be so much hacking
done).
I'll beat this beast until it behaves...
Cheers,
Richard
-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.
--
Richard Levitte address@hidden
http://richard.levitte.org/
"When I became a man I put away childish things, including
the fear of childishness and the desire to be very grown up."
-- C.S. Lewis
- Re: [Monotone-devel] popt buggy, (continued)
- Re: [Monotone-devel] popt buggy, Richard Levitte - VMS Whacker, 2005/04/02
- Re: [Monotone-devel] popt buggy, Julio M. Merino Vidal, 2005/04/02
- boost::program_options (was Re: [Monotone-devel] popt buggy), Nathaniel Smith, 2005/04/02
- Re: boost::program_options (was Re: [Monotone-devel] popt buggy), Vladimir Prus, 2005/04/04
- Re: boost::program_options (was Re: [Monotone-devel] popt buggy), Jon Bright, 2005/04/05
- Re: boost::program_options (was Re: [Monotone-devel] popt buggy), Vladimir Prus, 2005/04/05
- [Monotone-devel] Re: boost::program_options, Richard Levitte - VMS Whacker, 2005/04/19
- Re: [Monotone-devel] Re: boost::program_options, Corey Halpin, 2005/04/19
- Re: [Monotone-devel] popt buggy, Richard Levitte - VMS Whacker, 2005/04/04
Re: [Monotone-devel] popt buggy, Richard Levitte - VMS Whacker, 2005/04/02
Re: [Monotone-devel] popt buggy,
Richard Levitte - VMS Whacker <=