On Saturday 19 January 2013 18:41:38 Tomáš Trnka wrote:
> > On Wednesday, 16 January 2013, at 15:08:19, Pali Rohár wrote:
> > > Hello,
> > >
> > > last kopete in svn cannot be compiled with gcc 4.7 and -O2
> > > due to some problem with memset (compiler/linker thinks
> > > that sometimes third arg len can be zero).
> >
> > Has a bug for this been reported to the gcc devels?
>
> Hello all,
>
> note that this is certainly not a bug in gcc, but a sign of a
> real bug in Kopete:
>
>     int pos, len, i;
>
>     pos = ( text.size() + 10 ) % 8;
>
>     if( pos )
>         pos = 8 - pos;
>
> text.size returns an int here, so if the value is sufficiently
> large (close to INT_MAX), integer overflow will result in a
> negative value of pos. Subtracting that from 8 leads to pos > 8
> and the memset subsequently overruns the allocated
> eight-byte buffer. (Additionally, text.size() can be set to
> an arbitrary – possibly negative – value using
> ByteArray::setSize()).
>
> Wrapping the memset in if (pos) doesn't do absolutely anything
> about the real problem, it just silences the warning. I'm not
> familiar with the code in question to suggest a real fix, but
> possibly clamping pos to 0 if negative would do the trick.
>
> Best regards,
>
> 2T

At least that patch fixes compilation. The problem is in the qq plugin,
so it can happen only for users of the qq protocol. Will the patch be
included in KDE4.10?

-- 
Pali Rohár
pali.ro...@gmail.com
_______________________________________________
kopete-devel mailing list
kopete-devel@kde.org
https://mail.kde.org/mailman/listinfo/kopete-devel
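
Added example (not part of the original messages and not Kopete code): the padding arithmetic described in the quoted analysis, next to a range-checked variant that rejects bad sizes instead of clamping. The function names are hypothetical, `size` stands in for text.size(), and the wrap-around near INT_MAX is modelled with unsigned arithmetic, assuming a two's-complement int as on gcc.

```cpp
#include <climits>
#include <cstdio>
#include <cstring>

// Hypothetical helper: the computation quoted in the thread, with `size`
// standing in for text.size(). Signed overflow is undefined behaviour, so the
// wrap is modelled with unsigned arithmetic (two's-complement int assumed).
int pad_len_unchecked(int size) {
    int pos = static_cast<int>(static_cast<unsigned>(size) + 10u) % 8;
    if (pos)
        pos = 8 - pos;   // a negative remainder makes this larger than 8
    return pos;
}

// Hypothetical hardened variant: reject sizes that are negative or that would
// overflow when 10 is added. Returns 0..7, or -1 for an invalid size.
int pad_len_checked(int size) {
    if (size < 0 || size > INT_MAX - 10)
        return -1;
    int pos = (size + 10) % 8;
    return pos ? 8 - pos : 0;
}

// Zero the padding only when the length is known to fit the 8-byte buffer.
bool fill_padding(unsigned char (&buf)[8], int size) {
    int pos = pad_len_checked(size);
    if (pos < 0)
        return false;
    std::memset(buf, 0, static_cast<std::size_t>(pos));
    return true;
}

int main() {
    // Constructed sample sizes: two ordinary, one negative, one near INT_MAX.
    const int samples[] = {5, 6, -15, INT_MAX};
    unsigned char buf[8];
    for (int size : samples) {
        std::printf("size=%d unchecked=%d checked=%d filled=%d\n", size,
                    pad_len_unchecked(size), pad_len_checked(size),
                    fill_padding(buf, size) ? 1 : 0);
    }
    return 0;
}
```

For the negative and near-INT_MAX samples the unchecked length exceeds 8, which is the overrun condition the analysis points out; the checked variant refuses those sizes before any memset happens.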