Hi Tom,

Can you take a look?

Per Coverity, there is something wrong with the definition of QUEUE_PAGESIZE in async.c:

1. #define QUEUE_PAGESIZE BLCKSZ
2. BLCKSZ is 8192
3. sizeof(AsyncQueueControl) is 8080, according to Coverity (Windows 64 bits)
4. (Line 1508) qe.length = QUEUE_PAGESIZE - offset;
5. offset is zero
6. qe.length is 8192

    /* Now copy qe into the shared buffer page */
    memcpy(NotifyCtl->shared->page_buffer[slotno] + offset,
           &qe,
           qe.length);

CID 1428952 (#1 of 1): Out-of-bounds access (OVERRUN) at line 1515, with memcpy call.
9. overrun-buffer-arg: Overrunning struct type AsyncQueueEntry of 8080 bytes by passing it to a function which accesses it at byte offset 8191 using argument qe.length (which evaluates to 8192).

Question:
1. Is NotifyCtl->shared->page_buffer[slotno] really struct type AsyncQueueEntry?

regards,
Ranier Vilela
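Added example, not part of the original message and not PostgreSQL code: a minimal C model of the pattern the overrun-buffer-arg event describes, where memcpy's length comes from a field that can exceed the size of the source struct. DemoEntry, DEMO_PAGE_SIZE, copy_entry and pad_page are hypothetical names; the struct layout is constructed so that it is 8080 bytes, the figure quoted in the report.

```c
#include <stddef.h>
#include <string.h>

#define DEMO_PAGE_SIZE 8192     /* stands in for QUEUE_PAGESIZE (BLCKSZ) */

/* Constructed layout, sized to the 8080 bytes quoted in the report. */
typedef struct {
    int  length;                /* number of bytes of this entry to copy */
    int  dboid;
    int  xid;
    int  srcPid;
    char data[8064];
} DemoEntry;

/* Guarded copy: -1 if the read would run past the source struct,
 * -2 if the write would run past the destination page, 0 on success. */
int copy_entry(char *page, size_t offset, const DemoEntry *e)
{
    if (e->length < 0 || (size_t) e->length > sizeof(DemoEntry))
        return -1;
    if (offset > DEMO_PAGE_SIZE || (size_t) e->length > DEMO_PAGE_SIZE - offset)
        return -2;
    memcpy(page + offset, e, (size_t) e->length);
    return 0;
}

/* Pad to end of page: record the full remainder in length, but read only
 * what the source struct holds and zero-fill the rest of the page.
 * Returns the number of bytes taken from the struct, or -1 on bad offset. */
int pad_page(char *page, size_t offset, DemoEntry *e)
{
    size_t remaining, from_src;
    if (offset > DEMO_PAGE_SIZE)
        return -1;
    remaining = DEMO_PAGE_SIZE - offset;
    e->length = (int) remaining;
    from_src = remaining < sizeof(DemoEntry) ? remaining : sizeof(DemoEntry);
    memcpy(page + offset, e, from_src);
    memset(page + offset + from_src, 0, remaining - from_src);
    return (int) from_src;
}

int main(void)
{
    static char page[DEMO_PAGE_SIZE];
    DemoEntry e = {0};
    e.length = DEMO_PAGE_SIZE;  /* the length == 8192, offset == 0 case */
    return copy_entry(page, 0, &e) == -1 ? 0 : 1;
}
```

Whether the offset == 0 path that Coverity assumes is reachable in async.c is a separate question that this model does not answer.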