Bugs item #1511540, was opened at 2006-06-23 22:05
Message generated for change (Comment added) made by broeker
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=104664&aid=1511540&group_id=4664
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
>Status: Closed
Resolution: Rejected
Priority: 5
Submitted By: Neil Horman (nhorman)
Assigned to: Hans-Bernhard Broeker (broeker)
Summary: on long pathnames cscope can overflow in putstring
Initial Comment:
when parsing very long paths, cscope can overflow in
putstring. This patch limits the length of the
putstring copy to the length of the array being copied
into.
----------------------------------------------------------------------
>Comment By: Hans-Bernhard Broeker (broeker)
Date: 2006-07-23 22:47
Message:
Logged In: YES
user_id=27517
On closer examination, turns out my earlier suspicions were
fully justified:
> PATHLEN is passed in all cases, because in all uses of
> putstring, the passed array is defined on the stack as
> being of PATHLEN characters.
That's not actually the case. Quite a number of them are
actually PATLEN, not PATHLEN. Yes, those two are currently
the same size, but that has to be treated like a random
coincidence.
I'm checking in a rather different fix.
----------------------------------------------------------------------
Comment By: Neil Horman (nhorman)
Date: 2006-06-25 04:39
Message:
Logged In: YES
user_id=827328
(1) That's not supposed to be there. I'll remove that and
repost. Sorry about that.
(2) Please take the time to actually look before you reject
this, Hans. The length variable represents the length of the
character array s passed into the array, and prevents buffer
overflow in all those cases where blockp is larger than the
passed array (note that PATHLEN is passed in all cases,
because in all uses of putstring, the passed array is
defined on the stack as being of PATHLEN characters).
----------------------------------------------------------------------
Comment By: Hans-Bernhard Broeker (broeker)
Date: 2006-06-24 18:38
Message:
Logged In: YES
user_id=27517
In its current shape, I'm afraid I have to reject this
patch. For two reasons:
1) I rather seriously dislike that CHECK_STACK hack. Stuff
like that has no business being put into production code.
2) I see no believable reason at all to add an argument to a
function, but in the same move pass the exact same value for
this argument, in all its callers. What could a function or
macro name's length possibly have to do with PATHLEN? And
if PATHLEN really is the actual length of all those buffers:
why pass it as an argument?
----------------------------------------------------------------------
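Added example, not part of the tracker thread and not cscope code: the concern raised above, that PATLEN and PATHLEN match only by coincidence, shown with a bounded copy whose limit is taken from `sizeof` at the call site. The names `copy_bounded`, `COPY_TO_ARRAY` and `try_pattern` and both constant values are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define PATHLEN 250   /* constructed value: path buffer size */
#define PATLEN   64   /* constructed value: pattern buffer size, deliberately different */

/* Copy src into dst without writing more than dstsize bytes.
 * Returns 0 on a full copy, 1 if truncated, -1 on bad arguments. */
int copy_bounded(char *dst, size_t dstsize, const char *src)
{
    size_t n;
    if (dst == NULL || src == NULL || dstsize == 0)
        return -1;
    n = strlen(src);
    if (n >= dstsize) {              /* too long: keep what fits, always terminate */
        memcpy(dst, src, dstsize - 1);
        dst[dstsize - 1] = '\0';
        return 1;
    }
    memcpy(dst, src, n + 1);
    return 0;
}

/* The bound comes from the destination array itself, not from a constant
 * that merely happens to match. Only valid for true arrays, not pointers. */
#define COPY_TO_ARRAY(arr, src) copy_bounded((arr), sizeof(arr), (src))

struct guarded { char pat[PATLEN]; char guard[8]; };  /* guard detects overrun */

/* Copy a constructed input of input_len bytes into a PATLEN-sized buffer.
 * Returns copy_bounded's result, or -2 if the guard bytes were touched. */
int try_pattern(size_t input_len)
{
    char src[512];
    struct guarded g;
    size_t i;
    int rc;
    if (input_len >= sizeof src) return -1;
    memset(src, 'a', input_len);
    src[input_len] = '\0';
    memset(g.guard, 0x5A, sizeof g.guard);
    rc = COPY_TO_ARRAY(g.pat, src);
    for (i = 0; i < sizeof g.guard; i++)
        if (g.guard[i] != 0x5A) return -2;
    return rc;
}

int main(void)
{
    printf("short=%d path-sized=%d\n", try_pattern(10), try_pattern(PATHLEN - 1));
    return 0;
}
```

Passing PATHLEN as the bound for the PATLEN-sized buffer here would allow a write of up to 250 bytes into 64; with `sizeof` the input is truncated instead and the guard bytes stay intact.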