kopete and gcc4.7

Albert Astals Cid aacid at kde.org
Sun Jan 27 18:15:13 UTC 2013


On Sunday, 27 January 2013, at 18:10:00, Pali Rohár wrote:
> On Saturday 19 January 2013 18:41:38 Tomáš Trnka wrote:
> > > On Wednesday, 16 January 2013, at 15:08:19, Pali Rohár wrote:
> > > > Hello,
> > > > 
> > > > last kopete in svn cannot be compiled with gcc 4.7 and -O2
> > > > due to some problem with memset (compiler/linker thinks
> > > > that sometimes third arg len can be zero).
> > > 
> > > Has a bug for this been reported to the gcc devels?
> > 
> > Hello all,
> > 
> > note that this is certainly not a bug in gcc, but a sign of a
> > real bug in Kopete:
> > 
> > int pos, len, i;
> > 
> > pos = ( text.size() + 10 ) % 8;
> > 
> > if( pos )
> >     pos = 8 - pos;
> > 
> > text.size returns an int here, so if the value is sufficiently
> > large (close to INT_MAX), integer overflow will result in a
> > negative value of pos. Subtracting that from 8 leads to pos >
> > 8 and the memset subsequently overruns the allocated
> > eight-byte buffer. (Additionally, text.size() can be set to
> > an arbitrary – possibly negative – value using
> > ByteArray::setSize()).
> > 
> > Wrapping the memset in if (pos) doesn't do absolutely anything
> > about the real problem, it just silences the warning. I'm not
> > familiar with the code in question to suggest a real fix, but
> > possibly clamping pos to 0 if negative would do the trick.
> > 
> > Best regards,
> > 
> > 2T
> 
> At least that patch fixes compilation. The problem is in the qq plugin, so
> it can happen only for users of the qq protocol.
> 
> Will the patch be included in KDE 4.10?

Can we get the proper fix based on Tomáš' analysis?

Cheers,
  Albert
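
As an added illustration of Tomáš' analysis (example code written for this thread, not Kopete's own; the function names and the stand-alone `size` parameter standing in for `text.size()` are mine), here is the quoted padding computation beside a version that keeps the length unsigned, rejects out-of-range lengths and bounds-checks before the memset:

```cpp
#include <climits>
#include <cstddef>
#include <cstring>

// The computation as quoted from the qq plugin. Signed "size + 10" wraps
// for sizes near INT_MAX (or is simply negative when a negative size was
// set), "% 8" then yields a negative pos, and "8 - pos" exceeds 8.
// The wrap is emulated via unsigned arithmetic so the demonstration is
// well-defined; the original relies on two's-complement behaviour.
int paddingBuggy(int size) {
    int sum = static_cast<int>(static_cast<unsigned int>(size) + 10u);
    int pos = sum % 8;           // negative when sum is negative
    if (pos)
        pos = 8 - pos;           // pos > 8 for negative pos
    return pos;                  // would be passed to memset() as the length
}

// Hardened version: validate the length before any arithmetic, compute
// in size_t so the result is always in [0, 7], and report failure
// instead of returning a length the caller cannot trust.
bool paddingSafe(long long size, size_t *padding) {
    if (size < 0 || size > static_cast<long long>(INT_MAX) - 10)
        return false;            // negative or would overflow the int sum
    size_t pos = (static_cast<size_t>(size) + 10) % 8;
    *padding = pos ? 8 - pos : 0;
    return true;
}

// Zero the padding bytes only if the computed length fits the buffer;
// this is the check the original memset() call lacked.
bool writePadding(unsigned char *buf, size_t bufLen, long long size) {
    size_t pad = 0;
    if (!paddingSafe(size, &pad) || pad > bufLen)
        return false;
    std::memset(buf, 0, pad);
    return true;
}
```

With `size == INT_MAX`, `paddingBuggy` returns 15, twice the eight-byte buffer; `writePadding` refuses the same input.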


More information about the release-team mailing list