Re: [evolution-patches] seeking review for bug 46706 :Evolution - 1.4 Evo hangs when forward one contact.



Since this is a char sequence, rather than a string, it should probably
use memcpy() rather than strcpy() since the trailing NUL is redundant?


On Mon, 2003-08-11 at 02:54, Gilbert Fang wrote:
> Hi, Chris
> 
> The bug will hang/crash the evolution. It exists on Suse(SLEC-GM) but
> not in RH8.
> 
> I find it is because of the mem allocation error. The patch works well
> in my Suse workspace.
> 
> Here are my comments on the patch:
> -		attach_data->_maximum = attach_data->_length = strlen (tempstr);
> +		attach_data->_maximum = attach_data->_length = strlen (tempstr) + 1;
>  		attach_data->_buffer = CORBA_sequence_CORBA_char_allocbuf
> (attach_data->_length);
>  		strcpy (attach_data->_buffer, tempstr);
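Review bot: On the `+` line, setting `_length` to `strlen (tempstr) + 1` makes the terminating NUL an element of the sequence, so anything that treats `_length` as the size of the data gets one extra byte. Because the same value feeds `CORBA_sequence_CORBA_char_allocbuf`, the allocation size and the reported length are tied together; consider keeping `_maximum` and `_length` at `strlen (tempstr)` and replacing the `strcpy` with `memcpy (attach_data->_buffer, tempstr, attach_data->_length)`, which never writes the NUL. The result of the allocbuf call is also passed to the copy on the next line without a NULL check.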
> 
> Since attach_data is not a Corba string, it is only a sequence of
> char, the allocbuf will not be sure to allocate the extra space for
> the terminating byte '\0'. Thus the strcpy would easily go beyond
> the memory boundary and evolution will hang or crash some lines later.
> 
> But what confused me is that the original code can work well in RH8. I
> guess RH8 has added some protection code to avoid such errors.
> Anyway, the patch will not do any harm to other platforms and really
> fixes the bug on SLEC(Suse Linux Enterprise Client).
> 
> 
> Please review it for Evolution 1.4 branch.
> 
> Thanks 
> Gilbert 
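
The off-by-one discussed in this thread, reproduced with a guard byte so the stray write can be observed without touching memory outside the allocation. This is an added example, not Evolution or ORBit code: `char_seq`, `guarded_alloc` and `fill_seq` are hypothetical stand-ins, and the guard byte is an assumption that models whatever follows the buffer on the heap.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a CORBA char sequence (not the ORBit type). */
typedef struct {
    unsigned long _maximum, _length;
    char *_buffer;
} char_seq;

#define GUARD 0x5A
enum fill_mode { FILL_ORIGINAL, FILL_PATCHED, FILL_MEMCPY };

/* Allocate n usable bytes plus one guard byte that models whatever
 * sits directly behind the buffer on the heap. */
static char *guarded_alloc(size_t n) {
    char *p = malloc(n + 1);
    if (p) p[n] = GUARD;
    return p;
}

/* Fill seq from s. Returns 1 if the byte just past the sequence buffer
 * was overwritten, 0 if it is intact, -1 if allocation failed. */
int fill_seq(char_seq *seq, const char *s, enum fill_mode mode) {
    size_t n = strlen(s);
    size_t cap = (mode == FILL_PATCHED) ? n + 1 : n;
    seq->_maximum = seq->_length = cap;
    seq->_buffer = guarded_alloc(cap);
    if (!seq->_buffer)
        return -1;
    if (mode == FILL_MEMCPY)
        memcpy(seq->_buffer, s, n);  /* copies the text only, no NUL */
    else
        strcpy(seq->_buffer, s);     /* always writes n + 1 bytes */
    return (unsigned char)seq->_buffer[cap] != GUARD;
}

int main(void) {
    const char *sample = "constructed contact data"; /* constructed input */
    char_seq q;
    for (int m = FILL_ORIGINAL; m <= FILL_MEMCPY; m++) {
        int hit = fill_seq(&q, sample, (enum fill_mode)m);
        printf("mode %d: _length=%lu guard overwritten=%d\n", m, q._length, hit);
        free(q._buffer);
    }
    return 0;
}
```

The original sizing overwrites the guard byte, the patched sizing leaves it intact but reports a `_length` one larger than the text, and the `memcpy` variant leaves it intact with `_length` equal to the text length.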



