Suspicious code in kdelibs-3.5.2
Christoph Bartoschek
bartoschek at gmx.de
Wed Apr 5 19:45:13 BST 2006
> > - kdefx/kpixmap.cpp:62
> >
> > i+n easily reaches the array bound 16. For example if n == 15 and i ==
> > 14, then bm[29][0] is accessed. This is way behind the array bound.
>
> false positive. it's a 16x16 array and the code is taking advantage of the
> fact that it's contiguous memory... so bm[29] is actually the 15th element
> in the second "row"... fun.

I guess you mean bm[29][0], because bm[29] = 1 gives a compiler error:

No. The 15th element in the second row would be bm[0][29]

For an array[16][16] the position bm[i][j] is equal to *(bm + i*16+j)

Here is code that shows the fact:

#include <iostream>

// Print the 16x16 array row by row.
void print(int arr[16][16]) {
    for (int i = 0; i != 16; ++i) {
        for (int j = 0; j != 16; ++j) {
            std::cout << arr[i][j];
        }
        std::cout << "\n";
    }
}

int main() {
    int arr[16][16];
    for (int i = 0; i != 16; ++i)
        for (int j = 0; j != 16; ++j)
            arr[i][j] = 0;

    // Deliberate out-of-bounds write: offset 29*16+0, past the end of the array.
    arr[29][0] = 1;
    std::cout << "\nAfter arr[29][0] = 1\n\n";
    print(arr);

    // Deliberate write past the first row's bound: offset 0*16+29, inside the array.
    arr[0][29] = 1;
    std::cout << "\nAfter arr[0][29] = 1\n\n";
    print(arr);
}
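
The row-major arithmetic discussed in this thread, as an added example that is not part of the original post or of kdelibs: it classifies a subscript pair for a 16x16 array as in bounds, past the row's bound but still inside the array, or outside the array entirely, and rejects everything but the first in a checked write. All function and type names are hypothetical.

```cpp
#include <cstddef>
#include <iostream>

// Added example: dimensions match the 16x16 array discussed in the thread.
// All names below are hypothetical, not taken from kdelibs.
constexpr std::size_t ROWS = 16, COLS = 16;

enum class Access {
    InBounds,      // both subscripts are within their own dimension
    CrossesRow,    // j is past the row's bound, but the offset is still inside the array
    OutsideObject  // the offset lies beyond the ROWS*COLS elements of the array
};

// Row-major offset of arr[i][j] in elements: the i*16+j from the post.
std::size_t flat_offset(std::size_t i, std::size_t j) { return i * COLS + j; }

// Classify a subscript pair without letting i*COLS + j wrap around.
Access classify(std::size_t i, std::size_t j) {
    if (i >= ROWS) return Access::OutsideObject;  // i*COLS alone is already >= ROWS*COLS
    if (j < COLS) return Access::InBounds;
    return j < ROWS * COLS - i * COLS ? Access::CrossesRow : Access::OutsideObject;
}

struct Cell { std::size_t row, col; };

// Which element an access that stays inside the array actually touches.
bool lands_on(std::size_t i, std::size_t j, Cell &out) {
    if (classify(i, j) == Access::OutsideObject) return false;
    out = Cell{flat_offset(i, j) / COLS, flat_offset(i, j) % COLS};
    return true;
}

// Write that refuses anything except a properly bounded subscript pair.
bool checked_set(int (&arr)[ROWS][COLS], std::size_t i, std::size_t j, int v) {
    if (classify(i, j) != Access::InBounds) return false;
    arr[i][j] = v;
    return true;
}

int main() {
    int arr[ROWS][COLS] = {};
    std::size_t i = 14, n = 15;  // the values quoted in the thread
    std::cout << "offset of [i+n][0]: " << flat_offset(i + n, 0) << " of " << ROWS * COLS << "\n";
    std::cout << "write accepted: " << checked_set(arr, i + n, 0, 1) << "\n";
    Cell c;
    if (lands_on(0, 29, c)) std::cout << "[0][29] aliases [" << c.row << "][" << c.col << "]\n";
}
```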