New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Avoid incrementing a pointer past the end #1489
Avoid incrementing a pointer past the end #1489
Conversation
Err, no. There might be an off-by-one in the code, but you don't need all this and an abort(), to deal with that. Start with the basics. What is the scenario where 'end' is beyond the allocation? Where is that pointer accessed? Do you have a reproducer for this? |
The only case where |
01695f5
to
24fa347
Compare
83be6b4
to
70c3c87
Compare
base64-encoded test case below. This doesn’t trip any of the sanitizers, but I did check that it called
While this change (which reduces the amount of code) is probably a good idea anyway, we might also want to wrap |
Actually in the latest form, the code is obvious enough that it doesn't need a comment at all. Just move the whole explanation to the commit message and we're good here. That's a generic preference BTW: comments should be used sparingly, and in particular multiline comments are like neon signs which should be reserved for very special danger zones. If the neon signs are everywhere, they do nothing but blind you from the code itself. In the git era, commit messages are a far better place to document the details. |
The ‘end’ parameter to ‘strtaglen’ might point past the end of an allocation. Therefore, if ‘start’ becomes equal to ‘end’, exit the loop without calling ‘memchr’ on it.
70c3c87
to
c111bab
Compare
Good to know, thanks! I take it that doxygen doc comments on public APIs are an exception? |
Public API docs are documentation, not comments, despite masquerading as such. Multiline comments are by no means forbidden, just that they should be used sparingly, in particular in middle of code. In middle of code, multiline comments are very distracting so they should only be used there when it's in fact the purpose to distract, typically to deliver a warning of some sort. The general preference is do the explaining in the code itself, using descriptive names and that in the best cases make the code read almost like a story. Clearly not all of rpm is that way 🤣 and it's not always achievable now matter what, but hey, it's a goal. |
Oh and thanks for spotting + fixing this. I rather like this as it ends up actually simplifying the code. When a fix removes code, that's usually a good sign 🙂 |
Except that ... this introduced a new issue:
|
Created #1545 to fix that. It's a bit strange as CI is supposed to catch newly introduced warnings, but perhaps gcc on Fedora 32 doesn't see that (my laptop is on 33) |
The ‘end’ parameter to ‘strtaglen’ might point past the end of an
allocation. Therefore, if ‘start’ becomes equal to ‘end’, return an
error without calling ‘memchr’ on that pointer.