Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | [Bug 3129527]: Fix buffer overflow w/ GCC 4.5 and -D_FORTIFY_SOURCE=2. One more place where this problem could appear. |
---|---|
Downloads: | Tarball | ZIP archive | SQL archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA1: |
0ecc5f95e00495b622cef99b51a62987 |
User & Date: | jan.nijtmans 2011-03-28 09:22:36 |
Context
2011-03-28
| ||
11:44 | set default MODULE_SCOPE=extern, in case no other value is determined check-in: b4c6e652 user: jan.nijtmans tags: trunk | |
09:22 | [Bug 3129527]: Fix buffer overflow w/ GCC 4.5 and -D_FORTIFY_SOURCE=2. One more place where this problem could appear. check-in: 0ecc5f95 user: jan.nijtmans tags: trunk | |
09:20 | [Bug 3129527]: Fix buffer overflow w/ GCC 4.5 and -D_FORTIFY_SOURCE=2. One more place where this problem could appear. check-in: bc537f82 user: jan.nijtmans tags: core-8-5-branch | |
2011-03-27
| ||
20:10 | merge-mark check-in: 8bc432d6 user: jan tags: trunk | |
Changes
Changes to ChangeLog.
1 2 3 4 5 6 7 | 2011-03-24 Jan Nijtmans <[email protected]> * win/tkWinMenu.c: [Bug #3239768] tk8.4.19 (and later) WIN32 menu font support. 2011-03-16 Jan Nijtmans <[email protected]> | > > > > > | 1 2 3 4 5 6 7 8 9 10 11 12 | 2011-03-28 Jan Nijtmans <[email protected]> * generic/tkTextBTree.c: [Bug 3129527]: Fix buffer overflow w/ GCC 4.5 and -D_FORTIFY_SOURCE=2. One more place where this problem could appear. 2011-03-24 Jan Nijtmans <[email protected]> * win/tkWinMenu.c: [Bug #3239768] tk8.4.19 (and later) WIN32 menu font support. 2011-03-16 Jan Nijtmans <[email protected]> |
︙ | ︙ |
Changes to generic/tkText.h.
︙ | ︙ | |||
166 167 168 169 170 171 172 | * type. */ struct TkTextSegment *nextPtr; /* Next in list of segments for this line, or * NULL for end of list. */ int size; /* Size of this segment (# of bytes of index * space it occupies). */ union { | | | 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 | * type. */ struct TkTextSegment *nextPtr; /* Next in list of segments for this line, or * NULL for end of list. */ int size; /* Size of this segment (# of bytes of index * space it occupies). */ union { char chars[1]; /* Characters that make up character info. * Actual length varies to hold as many * characters as needed.*/ TkTextToggle toggle; /* Information about tag toggle. */ TkTextMark mark; /* Information about mark. */ TkTextEmbWindow ew; /* Information about embedded window. */ TkTextEmbImage ei; /* Information about embedded image. */ } body; |
︙ | ︙ |
Changes to generic/tkTextBTree.c.
︙ | ︙ | |||
1067 1068 1069 1070 1071 1072 1073 | segPtr->nextPtr = linePtr->segPtr; linePtr->segPtr = segPtr; } else { segPtr->nextPtr = curPtr->nextPtr; curPtr->nextPtr = segPtr; } segPtr->size = chunkSize; | | | 1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 | segPtr->nextPtr = linePtr->segPtr; linePtr->segPtr = segPtr; } else { segPtr->nextPtr = curPtr->nextPtr; curPtr->nextPtr = segPtr; } segPtr->size = chunkSize; memcpy(segPtr->body.chars, string, (size_t) chunkSize); segPtr->body.chars[chunkSize] = 0; if (eol[-1] != '\n') { break; } /* |
︙ | ︙ | |||
4546 4547 4548 4549 4550 4551 4552 | TkTextSegment *newPtr1, *newPtr2; newPtr1 = ckalloc(CSEG_SIZE(index)); newPtr2 = ckalloc(CSEG_SIZE(segPtr->size - index)); newPtr1->typePtr = &tkTextCharType; newPtr1->nextPtr = newPtr2; newPtr1->size = index; | | | > | 4546 4547 4548 4549 4550 4551 4552 4553 4554 4555 4556 4557 4558 4559 4560 4561 4562 4563 4564 4565 4566 | TkTextSegment *newPtr1, *newPtr2; newPtr1 = ckalloc(CSEG_SIZE(index)); newPtr2 = ckalloc(CSEG_SIZE(segPtr->size - index)); newPtr1->typePtr = &tkTextCharType; newPtr1->nextPtr = newPtr2; newPtr1->size = index; memcpy(newPtr1->body.chars, segPtr->body.chars, (size_t) index); newPtr1->body.chars[index] = 0; newPtr2->typePtr = &tkTextCharType; newPtr2->nextPtr = segPtr->nextPtr; newPtr2->size = segPtr->size - index; memcpy(newPtr2->body.chars, segPtr->body.chars + index, newPtr2->size); newPtr2->body.chars[newPtr2->size] = 0; ckfree(segPtr); return newPtr1; } /* *-------------------------------------------------------------- * |
︙ | ︙ | |||
4591 4592 4593 4594 4595 4596 4597 | if ((segPtr2 == NULL) || (segPtr2->typePtr != &tkTextCharType)) { return segPtr; } newPtr = ckalloc(CSEG_SIZE(segPtr->size + segPtr2->size)); newPtr->typePtr = &tkTextCharType; newPtr->nextPtr = segPtr2->nextPtr; newPtr->size = segPtr->size + segPtr2->size; | | | > | 4592 4593 4594 4595 4596 4597 4598 4599 4600 4601 4602 4603 4604 4605 4606 4607 4608 | if ((segPtr2 == NULL) || (segPtr2->typePtr != &tkTextCharType)) { return segPtr; } newPtr = ckalloc(CSEG_SIZE(segPtr->size + segPtr2->size)); newPtr->typePtr = &tkTextCharType; newPtr->nextPtr = segPtr2->nextPtr; newPtr->size = segPtr->size + segPtr2->size; memcpy(newPtr->body.chars, segPtr->body.chars, segPtr->size); memcpy(newPtr->body.chars + segPtr->size, segPtr2->body.chars, segPtr2->size); newPtr->body.chars[newPtr->size] = 0; ckfree(segPtr); ckfree(segPtr2); return newPtr; } /* *-------------------------------------------------------------- |
︙ | ︙ |