Re: [Firebird-devel] FB2b2 3221225477

[Adriano d. S. F. <adr...@uo...>]

Vlad Horsun wrote:
>>     Send me drwatson.log, please. If you zip it - change .zip extension or 
>> SF will not passed this mail. 
>>     
>
>     I've received it, thanks. What i can see :
>
>  AV occurs in evl_string.h, line 98
>
> template <typename CharType>
> static void preKmp(const CharType *x, int m, SLONG kmpNext[]) 
> {
>     SLONG i = 0;
>     SLONG j = kmpNext[0] = -1;
>     while (i < m) {
>         while (j > -1 && x[i] != x[j])
>             j = kmpNext[j];
>         i++;
>         j++;
>         if (x[i] == x[j])         // AV here
>             kmpNext[i] = kmpNext[j];
>         else
>         kmpNext[i] = j;
>         }
> }
>
> Some variables at AV time :     m == 0x80, i == 0x80, j == 0x00
> Since i must be in range 0..0x7F (0..m-1) we have an AV when x[i] evaluated
>
>
>     As i understand this is a part of CONTAINING evaluation. The algorithm 
> was written by Nickolay and i unfortunately have no knowledge of how it must 
> work. May be Adriano can say more ?
>   
I don't have knowledge of Knuth-Morris-Pratt algorithm, but I can say 
that preKmp is always accessing a invalid location.
The AV will occur with a "magic" string length, causing the invalid 
location is in another memory page.

As it's probably that compare of garbage with part of the string is 
false, I propose to change the line to "if (i < m && x[i] == x[j])".

Comments?


Adriano