kopete and gcc4.7

Tomáš Trnka tomastrnka at gmx.com
Sat Jan 19 17:41:38 UTC 2013

> El Dimecres, 16 de gener de 2013, a les 15:08:19, Pali Rohár va escriure:
> > Hello,
> > 
> > last kopete in svn cannot be compiled with gcc 4.7 and -O2 due to
> > some problem with memset (compiler/linker thinks that sometimes
> > third arg len can be zero).
> Have a bug for this been reported to the gcc devels?

Hello all,

note that this is certainly not a bug in gcc, but a sign of a real bug in 

int pos, len, i;

pos = ( text.size() + 10 ) % 8;

if( pos )
pos = 8 - pos;

text.size returns an int here, so if the value is sufficiently large (close to 
INT_MAX), integer overflow will result in a negative value of pos. Subtracting 
that from 8 leads to pos > 8 and the memset subsequently overruns the 
allocated eight-byte buffer. (Additionally, text.size() can be set to an 
arbitrary – possibly negative – value using ByteArray::setSize()).

Wrapping the memset in if (pos) doesn't do absolutely anything about the real 
problem, it just silences the warning. I'm not familiar with the code in 
question to suggest a real fix, but possibly clamping pos to 0 if negative 
would do the trick.

Best regards,

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2095 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/release-team/attachments/20130119/86bcc917/attachment.p7s>

More information about the release-team mailing list