From: Matthias K. <ma...@us...> - 2009-01-14 22:44:35
Hi everybody,

I want to give two points to your attention that concern me with the fix of bug 2494093 (buffer overflow in AppendUnicodeToUnicode() -> SEGFAULT). But first, thank you very much for helping to find the problem and then fixing it promptly!

1) The fix as now implemented restricts the content of variables to INT_MAX/4, which is 512MB! To my mind this is comparatively small and should be documented somewhere. Please notice that this is also half the size of what was possible in 8.4.19 / 8.5.6.

2) In tclStringObj.c is a lengthy documentation of the memory allocation algorithm for strings. This is now obsolete in the case when more than INT_MAX/4 memory is free and could be allocated, as in this case we panic() before even coming to the attemptckalloc().

What should you make of this information? Well, I don't know. I just wanted to make sure it doesn't get lost and someone has to learn it the hard way. I can live with the fix now.

Where is the use case that needs so much memory? Consider vfs::memchan. This is where I stumbled over the issue. I thought I'd use vfs::memchan to be able to transparently uncompress and evaluate the CRC of archives...

kind regards
-- Matthias Kraft
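The message above discusses a fix that caps string length at INT_MAX/4 and rejects an append before allocation is even attempted. The following is an added illustration, not Tcl's code and not the patch under discussion: a hypothetical growable buffer of 16-bit units whose append routine checks the resulting length against a cap before doing any arithmetic that could wrap, and fails cleanly (returning -1) instead of overflowing the buffer. The type `UBuf`, the functions `ubuf_can_append`/`ubuf_append`/`ubuf_free` and the constant `MAX_UNITS` are all assumptions made for this example; only the INT_MAX/4 figure comes from the mail.

```c
#include <limits.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical buffer of 16-bit code units (not Tcl's Tcl_Obj). */
typedef struct {
    unsigned short *data;
    size_t length;     /* units in use */
    size_t allocated;  /* units allocated */
} UBuf;

/* Cap on units, mirroring the INT_MAX/4 limit the mail describes (assumption). */
#define MAX_UNITS ((size_t)INT_MAX / 4)

/* Overflow-safe check: is appending n units to a buffer of `length` units
 * still within the cap? Subtracting first avoids any wraparound. */
int ubuf_can_append(size_t length, size_t n) {
    if (length > MAX_UNITS) return 0;
    return n <= MAX_UNITS - length;
}

/* Append n units; returns 0 on success, -1 if the append would exceed the
 * cap or the allocation fails. The buffer is left unchanged on failure. */
int ubuf_append(UBuf *b, const unsigned short *src, size_t n) {
    if (!ubuf_can_append(b->length, n)) return -1;
    size_t needed = b->length + n;          /* cannot wrap: checked above */
    if (needed > b->allocated) {
        /* Doubling growth; allocated <= MAX_UNITS so the product fits. */
        size_t grow = b->allocated ? b->allocated * 2 : 16;
        if (grow < needed) grow = needed;
        if (grow > MAX_UNITS) grow = MAX_UNITS;
        unsigned short *p = realloc(b->data, grow * sizeof *p);
        if (!p) return -1;                  /* allocation failed, nothing lost */
        b->data = p;
        b->allocated = grow;
    }
    memcpy(b->data + b->length, src, n * sizeof *src);
    b->length = needed;
    return 0;
}

void ubuf_free(UBuf *b) {
    free(b->data);
    b->data = NULL;
    b->length = b->allocated = 0;
}

int main(void) {
    UBuf b = {NULL, 0, 0};
    unsigned short sample[3] = {1, 2, 3};   /* constructed sample input */
    printf("append 3: %d (length %zu)\n", ubuf_append(&b, sample, 3), b.length);
    /* A request that would push the total past the cap is refused up front. */
    printf("append cap: %d (length %zu)\n", ubuf_append(&b, sample, MAX_UNITS), b.length);
    ubuf_free(&b);
    return 0;
}
```

The point the check makes is the trade-off the mail raises: refusing early is what prevents the length arithmetic from wrapping and the copy from running past the allocation, but the cap also becomes a hard limit on how much data a single value can hold, which is why it deserves to be documented.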