#25 memcpy wrong data size

Milestone: 1.12 Accepted
Status: closed-accepted
Owner: nobody
Labels: COM Data (10)
Priority: 5
Updated: 2007-04-15
Created: 2007-03-29
Creator: Jan
Private: No

In 3 instances, memcpy was used to copy a jlong (64 bit) with a size argument of 64 (bytes), so a block 8 times as large as needed was copied, which could potentially overwrite other data that is still needed.
That this did not yet lead to fatal errors (GPF...) is probably only owed to the way VC arranges local variables on the stack, and by using other optimization options, other compilers or any other change we might run into these fatal errors.

All memcpy calls in Variant.cpp now use the structure size of the destination as size parameter, which should always completely write the destination and never overwrite anything still needed.
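The size mix-up described in this report, as an added example that is not the code from Variant.cpp: it models the 8-byte destination and the locals next to it as one constructed struct, so the 64-byte copy stays inside a known object and the damage can be counted. The names `jlong_t`, `struct frame`, `copy_buggy`, `copy_fixed` and `clobbered` are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef int64_t jlong_t;          /* stand-in for JNI's jlong: 64 bits = 8 bytes */

/* Constructed model of a stack frame: the 8-byte destination followed by
   56 bytes of other locals that the function still needs. */
struct frame {
    jlong_t dest;
    unsigned char neighbours[56];
};

/* Buggy pattern: the bit width (64) is passed as the byte count.
   In the reported code the destination was only the jlong itself; here the
   whole modelled frame is passed so the overrun lands in `neighbours`. */
static void copy_buggy(struct frame *dst, const struct frame *src)
{
    memcpy(dst, src, 64);
}

/* Fixed pattern: the size comes from the destination object. */
static void copy_fixed(struct frame *dst, const struct frame *src)
{
    memcpy(&dst->dest, &src->dest, sizeof dst->dest);
}

/* Runs one copy and returns how many neighbouring bytes were overwritten
   (-1 if the value itself did not arrive). */
static int clobbered(void (*copy)(struct frame *, const struct frame *))
{
    struct frame src, dst;
    memset(&src, 0xAA, sizeof src);              /* whatever sits after the source */
    src.dest = 0x1122334455667788LL;
    memset(dst.neighbours, 0x55, sizeof dst.neighbours);  /* live locals */
    dst.dest = 0;
    copy(&dst, &src);
    int n = 0;
    for (size_t i = 0; i < sizeof dst.neighbours; i++)
        if (dst.neighbours[i] != 0x55)
            n++;
    return dst.dest == src.dest ? n : -1;
}

int main(void)
{
    printf("buggy: %d bytes clobbered\n", clobbered(copy_buggy));
    printf("fixed: %d bytes clobbered\n", clobbered(copy_fixed));
    return 0;
}
```

Both variants deliver the correct value, which is why the bug can go unnoticed until the stack layout changes.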

Discussion

  • Jan
    2007-03-29

    Attachments: Variant.cpp
  • clay_shooter
    2007-03-31

    Logged In: YES
    user_id=1189284
    Originator: NO

    This will show up in the 1.12-pre4 build.

     
  • clay_shooter
    2007-03-31

    • milestone: --> 1.12 Accepted
    • status: open --> pending-accepted
     
    • status: pending-accepted --> closed-accepted
     
  • Logged In: YES
    user_id=1312539
    Originator: NO

    This Tracker item was closed automatically by the system. It was
    previously set to a Pending status, and the original submitter
    did not respond within 14 days (the time period specified by
    the administrator of this Tracker).