kopete and gcc4.7
Pali Rohár
pali.rohar at gmail.com
Sun Jan 27 17:10:00 UTC 2013
On Saturday 19 January 2013 18:41:38 Tomáš Trnka wrote:
> > On Wednesday, 16 January 2013, at 15:08:19, Pali Rohár wrote:
> > > Hello,
> > >
> > > last kopete in svn cannot be compiled with gcc 4.7 and -O2
> > > due to some problem with memset (compiler/linker thinks
> > > that sometimes third arg len can be zero).
> >
> > Has a bug for this been reported to the gcc devels?
>
> Hello all,
>
> note that this is certainly not a bug in gcc, but a sign of a
> real bug in Kopete:
>
> int pos, len, i;
>
> pos = ( text.size() + 10 ) % 8;
>
> if( pos )
> pos = 8 - pos;
>
> text.size returns an int here, so if the value is sufficiently
> large (close to INT_MAX), integer overflow will result in a
> negative value of pos. Subtracting that from 8 leads to pos >
> 8 and the memset subsequently overruns the allocated
> eight-byte buffer. (Additionally, text.size() can be set to
> an arbitrary – possibly negative – value using
> ByteArray::setSize()).
>
> Wrapping the memset in if (pos) doesn't do absolutely anything
> about the real problem, it just silences the warning. I'm not
> familiar with the code in question to suggest a real fix, but
> possibly clamping pos to 0 if negative would do the trick.
>
> Best regards,
>
> 2T
At least that patch fixes compilation. The problem is in the qq plugin, so
it can happen only for users of the qq protocol.
Will the patch be included in KDE4.10?
--
Pali Rohár
pali.rohar at gmail.com
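
Added example, not part of the original thread and not Kopete's code: it models the quoted `pos` computation to show which sizes produce a length above 8 for the memset into the eight-byte buffer, next to one possible hardened form. The function names, the sample sizes, the 32-bit `int` assumption and the hardened variant are assumptions made for illustration, not the fix the project applied.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Models the quoted computation. Signed overflow is undefined behaviour in C,
 * so the wrap-around a typical two's-complement build produces is reproduced
 * with 64-bit arithmetic instead of being triggered for real.
 * Assumes a 32-bit int. */
static int pad_len_as_posted(int size)
{
    int64_t sum = (int64_t)size + 10;
    if (sum > INT_MAX)
        sum -= (int64_t)1 << 32;    /* value a 32-bit wrap-around yields */
    int pos = (int)(sum % 8);       /* C remainder keeps the sign of sum */
    if (pos)
        pos = 8 - pos;              /* a negative pos makes this exceed 8 */
    return pos;
}

/* Hypothetical hardened variant: reject negative sizes and do the modular
 * arithmetic unsigned, so the result is always in 0..7.
 * Returns -1 for an invalid size. */
static int pad_len_checked(int size)
{
    if (size < 0)
        return -1;
    unsigned rem = ((unsigned)size + 10u) % 8u;
    return rem ? (int)(8u - rem) : 0;
}

int main(void)
{
    /* Constructed sample sizes: one ordinary, two near INT_MAX, one negative
     * (as could be set through ByteArray::setSize() per the quoted message). */
    const int samples[] = { 5, INT_MAX, INT_MAX - 5, -13 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("size=%11d  posted=%3d  checked=%3d\n", samples[i],
               pad_len_as_posted(samples[i]), pad_len_checked(samples[i]));
    return 0;
}
```

Any `posted` value above 8 is a length that would overrun the eight-byte buffer; the checked variant never returns more than 7.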