kopete and gcc4.7
Tomáš Trnka
tomastrnka at gmx.com
Sat Jan 19 17:41:38 UTC 2013
> On Wednesday, 16 January 2013, at 15:08:19, Pali Rohár wrote:
> > Hello,
> >
> > last kopete in svn cannot be compiled with gcc 4.7 and -O2 due to
> > some problem with memset (compiler/linker thinks that sometimes
> > third arg len can be zero).
>
> Has a bug for this been reported to the gcc devels?
Hello all,
note that this is certainly not a bug in gcc, but a sign of a real bug in
Kopete:
    int pos, len, i;
    pos = ( text.size() + 10 ) % 8;   /* text.size() returns an int */
    if( pos )
        pos = 8 - pos;                /* padding to the next 8-byte boundary */
text.size returns an int here, so if the value is sufficiently large (close to
INT_MAX), integer overflow will result in a negative value of pos. Subtracting
that from 8 leads to pos > 8 and the memset subsequently overruns the
allocated eight-byte buffer. (Additionally, text.size() can be set to an
arbitrary – possibly negative – value using ByteArray::setSize()).
Wrapping the memset in if (pos) doesn't do anything at all about the real
problem, it just silences the warning. I'm not familiar enough with the code in
question to suggest a real fix, but possibly clamping pos to 0 if negative
would do the trick.
Best regards,
2T
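As an added illustration (not code from the mail, nor from Kopete), the padding computation quoted above reimplemented so that the out-of-range result can be shown without triggering signed-overflow undefined behaviour, beside a hardened variant that rejects negative sizes, does the arithmetic in an unsigned type and bounds the memset against the buffer capacity. The helper names wrapToInt32, originalPadLen, safePadLen and padBuffer are assumptions for this example.

```cpp
#include <climits>
#include <cstddef>
#include <cstdio>
#include <cstring>

// Emulate what a 32-bit two's-complement int typically ends up holding after
// an overflowing addition, using well-defined 64-bit arithmetic instead of
// relying on undefined behaviour. (Hypothetical helper.)
static int wrapToInt32(long long v) {
    const long long two32 = 1LL << 32;
    while (v > INT_MAX) v -= two32;
    while (v < INT_MIN) v += two32;
    return static_cast<int>(v);
}

// The computation from the mail:  pos = (size + 10) % 8; if (pos) pos = 8 - pos;
// 'size' stands for the int returned by text.size(). For sizes near INT_MAX, or
// for negative sizes, the result is outside the 0..7 range the caller expects.
int originalPadLen(int size) {
    int pos = wrapToInt32(static_cast<long long>(size) + 10) % 8;
    if (pos)
        pos = 8 - pos;      // negative pos yields a value larger than 8
    return pos;
}

// Hardened variant: validate the size, compute in size_t (no signed overflow),
// and always produce a padding length in [0, 8). Returns false on bad input.
bool safePadLen(long long size, size_t* pad) {
    if (size < 0 || size > INT_MAX)
        return false;                       // reject negative / absurd sizes
    size_t s = static_cast<size_t>(size);
    size_t rem = (s + 10) % 8;
    *pad = rem ? 8 - rem : 0;
    return true;
}

// Zero-fills the padding into 'buf' only if it fits within 'cap' bytes.
bool padBuffer(unsigned char* buf, size_t cap, long long size) {
    size_t pad = 0;
    if (!safePadLen(size, &pad) || pad > cap)
        return false;                       // would overrun the buffer
    std::memset(buf, 0, pad);
    return true;
}

int main() {
    unsigned char buf[8];
    const int sizes[] = { 0, 6, -11, INT_MAX - 3 };   // constructed sample sizes
    for (int s : sizes) {
        size_t pad = 0;
        bool ok = safePadLen(s, &pad);
        std::printf("size=%d  original pos=%d  safe=%s pad=%zu  memset ok=%s\n",
                    s, originalPadLen(s), ok ? "yes" : "no", pad,
                    padBuffer(buf, sizeof buf, s) ? "yes" : "no");
    }
    return 0;
}
```

For a size of INT_MAX - 3 the original arithmetic produces a padding length of 10, and for a size of -11 it produces 9, both larger than the eight-byte buffer; the hardened path returns 2 for the former and refuses the latter outright.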