new XML library causing memory corruption
Target: ARM Linux, 64 Bit
Problem: When parsing an XML file, the heap gets corrupted.
What is the problem: Wrong usage of routine vos_strncpy in combination with vos_memAlloc. When using strings, vos_memAlloc is called with the length of the string + 1 (\0 termination). Afterwards the string is copied by using vos_strncpy and a length defined by a constant which is bigger than the allocated memory. Because of the specification of strncpy (which is used inside of vos_strncpy), the string is copied and missing characters are filled with 0, which corrupts the memory.
The problem can be seen by looking at the file tau_xml.c (r1555), lines 457 and 465 with a string shorter than TRDP_MAX_URI_HOST_LEN - 1. The same code fragment is used all over the TRDP code, so multiple locations must be fixed (simply search for vos_strncpy and check ...).
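The copy pattern the ticket describes, as an added example that is not TRDP code and not from the ticket's author: plain `strncpy` and `malloc` stand in for `vos_strncpy` and `vos_memAlloc`, and `MAX_HOST_LEN` (value 80) is an assumed stand-in for `TRDP_MAX_URI_HOST_LEN`. `bytes_clobbered` models the heap with a local arena so the zero padding can be counted without real corruption, and `dup_bounded` shows a copy whose length is tied to the allocation.

```c
#include <stdlib.h>
#include <string.h>

/* Assumed stand-in for TRDP_MAX_URI_HOST_LEN; the real value is not on this page. */
#define MAX_HOST_LEN 80

/* Counts the bytes that strncpy(dst, src, MAX_HOST_LEN) writes past an
 * allocation of strlen(src) + 1 bytes. A local arena pre-filled with 0xAA
 * models the heap, so the overrun is observable without undefined behaviour. */
size_t bytes_clobbered(const char *src)
{
    unsigned char arena[2 * MAX_HOST_LEN];
    size_t alloc = strlen(src) + 1;      /* what the allocation would cover */
    size_t i, hit = 0;

    memset(arena, 0xAA, sizeof arena);
    /* The pattern from the ticket: the bound is the constant, not the allocation.
     * strncpy pads with '\0' until exactly MAX_HOST_LEN bytes are written. */
    strncpy((char *)arena, src, MAX_HOST_LEN);
    for (i = alloc; i < sizeof arena; i++)
        if (arena[i] != 0xAA)
            hit++;                       /* byte outside the allocation changed */
    return hit;
}

/* Hardened form: the copy length is derived from the allocation size. */
char *dup_bounded(const char *src)
{
    size_t len = strlen(src);
    char *dst;

    if (len >= MAX_HOST_LEN)
        len = MAX_HOST_LEN - 1;          /* truncate over-long input */
    dst = malloc(len + 1);
    if (dst == NULL)
        return NULL;
    memcpy(dst, src, len);
    dst[len] = '\0';                     /* always terminated, never padded */
    return dst;
}

int main(void)
{
    char *h = dup_bounded("10.0.0.1");   /* constructed sample value */
    int ok = (h != NULL) && bytes_clobbered("10.0.0.1") == MAX_HOST_LEN - 9;
    free(h);
    return ok ? 0 : 1;
}
```

The shorter the string, the more padding lands outside the allocation, which matches the ticket's note that the problem shows with strings shorter than the constant minus one.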
Hello Bernd Löhr,
I now have several projects running with TRDP / TCNOpen and will probably have to make a few optimizations so that the potential performance becomes optimal. Is it all right with you if I try to always send you patches for this?
(For example, at present all lists are always searched sequentially, and I would switch these searches to binary trees or something similar.)
Best regards,
Robert Jelinek
From: "Bernd Löhr" [mailto:bloehr@users.sf.net]
Sent: Monday, 21 March 2016 17:34
To: [tcnopen:tickets] 116@tickets.tcnopen.p.re.sf.net
Subject: [tcnopen:tickets] #116 Memory corruption using new XML library
Oh jeh, you're right! Fortunately it applies to tau_xml.c, only.
[tickets:#116] https://sourceforge.net/p/tcnopen/tickets/116/ Memory corruption using new XML library
Status: accepted
Milestone: 1.4.0.0
Created: Mon Mar 21, 2016 03:26 PM UTC by Robert Jelinek
Last Updated: Mon Mar 21, 2016 03:26 PM UTC
Owner: Bernd Löhr