> On Wednesday, 16 January 2013, at 15:08:19, Pali Rohár wrote:
> > Hello,
> >
> > last kopete in svn cannot be compiled with gcc 4.7 and -O2 due to
> > some problem with memset (compiler/linker thinks that sometimes
> > third arg len can be zero).
>
> Has a bug for this been reported to the gcc devels?

Hello all,

note that this is certainly not a bug in gcc, but a sign of a real bug in Kopete:

    int pos, len, i;
    pos = ( text.size() + 10 ) % 8;
    if( pos )
        pos = 8 - pos;

text.size returns an int here, so if the value is sufficiently large (close to INT_MAX), integer overflow will result in a negative value of pos. Subtracting that from 8 leads to pos > 8 and the memset subsequently overruns the allocated eight-byte buffer. (Additionally, text.size() can be set to an arbitrary – possibly negative – value using ByteArray::setSize()).

Wrapping the memset in if (pos) doesn't do absolutely anything about the real problem, it just silences the warning. I'm not familiar with the code in question to suggest a real fix, but possibly clamping pos to 0 if negative would do the trick.

Best regards,
2T
_______________________________________________
kopete-devel mailing list
kopete-devel@kde.org
https://mail.kde.org/mailman/listinfo/kopete-devel
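
The arithmetic described in the message above, as an added example that is not part of the original post or of Kopete's code: it evaluates the quoted pos computation for constructed sizes, simulating the int wraparound in 64-bit arithmetic, beside a hypothetical checked variant. The names pad_len_original, pad_len_checked and fill_padding are assumptions, as is a 32-bit int.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLOCK 8 /* the eight-byte buffer the message refers to */

/* Two's-complement wraparound of a + b, done in 64 bits so this example
 * never executes signed overflow itself (undefined behaviour in C). */
static int32_t wrapping_add(int32_t a, int32_t b)
{
    int64_t r = (int64_t)a + b;
    if (r > INT32_MAX) r -= 4294967296LL;
    if (r < INT32_MIN) r += 4294967296LL;
    return (int32_t)r;
}

/* Padding length as the quoted snippet computes it (size is text.size()). */
static int32_t pad_len_original(int32_t size)
{
    int32_t pos = wrapping_add(size, 10) % 8; /* % keeps the dividend's sign */
    if (pos)
        pos = 8 - pos;
    return pos;
}

/* Hypothetical hardened variant: -1 for a negative or overflowing size, else 0..7. */
static int32_t pad_len_checked(int32_t size)
{
    if (size < 0 || size > INT32_MAX - 10)
        return -1;
    int32_t pos = (size + 10) % 8;
    return pos ? 8 - pos : 0;
}

/* memset guarded by a bounds check: 0 on success, -1 if len is refused. */
static int fill_padding(unsigned char *buf, int32_t len)
{
    if (len < 0 || len > BLOCK)
        return -1;
    memset(buf, 0, (size_t)len);
    return 0;
}

int main(void)
{
    const int32_t sizes[] = { 5, 6, -13, INT32_MAX }; /* constructed inputs */
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("size=%d original=%d checked=%d\n", (int)sizes[i],
               (int)pad_len_original(sizes[i]), (int)pad_len_checked(sizes[i]));
}
```

A negative size needs no overflow at all to produce an out-of-range length, because the C remainder operator keeps the sign of its left operand.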