`MD_ReconstructionFromNode` in `out` list returns pointers to local variables: https://github.com/Dion-Systems/metadesk/blob/23289461d249c787ff631ba1f82535b20acefe68/source/md.c#L4137 and https://github.com/Dion-Systems/metadesk/blob/23289461d249c787ff631ba1f82535b20acefe68/source/md.c#L4170

This means that anybody using the list outside will potentially read garbage values. This happens in `sanity_tests.c` tests when it tries to join strings immediately afterwards (but in the current code it will return correct strings because stack values are not yet overwritten): https://github.com/Dion-Systems/metadesk/blob/23289461d249c787ff631ba1f82535b20acefe68/tests/sanity_tests.c#L846

If you want to trigger this error, then inserting the following piece of code after line 845 (directly below the call to `MD_ReconstructionFromNode`) will produce a corrupted string and the test will fail:

```c
{
    // overwrite 4KB of stack with 0xaa
    // (_alloca is the MSVC stack allocator, declared in <malloc.h>)
    char* stack = (char*)_alloca(4096);
    for (volatile int k = 0; k < 4096; k++) stack[k] = 0xaa;
}
```

I have a potential fix for this here: mmozeiko@a18850f

It changes char variables to string literals. If you're OK with such a change.
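The lifetime bug and the string-literal fix described in the issue above, reduced to a self-contained C program. This is an added example, not code from metadesk or from the issue author: `Str`, `StrList` and every function name are hypothetical, and `scribble_stack` is a portable stand-in for the `_alloca` loop.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical minimal list (not metadesk's types): nodes keep pointers, never copies. */
typedef struct { const char *ptr; size_t len; } Str;
typedef struct { Str items[8]; size_t count; } StrList;

static void list_push(StrList *l, const char *p, size_t n) {
    if (l->count < 8) l->items[l->count++] = (Str){ p, n };
}

/* Bug pattern from the issue: `sep` dies on return, leaving a dangling node. Never called here. */
void push_sep_dangling(StrList *out) { char sep = ','; list_push(out, &sep, 1); }

/* Fix in the style the issue proposes: a string literal has static storage duration. */
void push_sep_literal(StrList *out) { list_push(out, ",", 1); }

/* Portable stand-in for the issue's _alloca loop: dirty 4 KB of dead stack. */
void scribble_stack(void) {
    volatile unsigned char junk[4096];
    for (int k = 0; k < 4096; k++) junk[k] = 0xaa;
}

/* Join every node into dst (NUL-terminated, truncating); returns the length. */
size_t list_join(const StrList *l, char *dst, size_t cap) {
    size_t used = 0;
    if (cap == 0) return 0;
    for (size_t i = 0; i < l->count && used + l->items[i].len < cap; i++) {
        memcpy(dst + used, l->items[i].ptr, l->items[i].len);
        used += l->items[i].len;
    }
    dst[used] = '\0';
    return used;
}

/* Build "a,b" with the fixed helper, dirty the stack, then join. */
size_t build_fixed(char *dst, size_t cap) {
    StrList l = {0};
    list_push(&l, "a", 1);
    push_sep_literal(&l);
    list_push(&l, "b", 1);
    scribble_stack();
    return list_join(&l, dst, cap);
}

int main(void) {
    char buf[16];
    return build_fixed(buf, sizeof buf) == 3 && puts(buf) >= 0 ? 0 : 1;
}
```

Swapping `push_sep_literal` for `push_sep_dangling` inside `build_fixed` reproduces the reported behaviour: the join reads a dead stack slot, which is undefined behaviour and may still appear to work until something overwrites that slot.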