Ethan Furman <et...@stoneleaf.us> writes:
> memset(envp_write, 0, ((unsigned int) envp_read -
>                        (unsigned int) envp_write));

That is a remarkable blunder for a security-critical program. On a
64-bit platform, the best case outcome is that it will throw away the
top 32 bits of each pointer before doing the subtraction, yielding the
wrong answer if the discarded bits happen to differ.

(There is no limit to the worst case behavior; the effect of converting
a pointer value to an integer type which cannot represent the result is
undefined.)

I would write:

    (envp_read - envp_write) * sizeof *envp_read

--
http://www.greenend.org.uk/rjk/
--
https://mail.python.org/mailman/listinfo/python-list
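
An added example, not code from the post or from the program under discussion: an in-place environment scrubber that clears the stale slots with the length expression suggested above. The allow-list, `keep_var`, `scrub_env` and `sample_env` are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Constructed sample environment (not taken from the thread). */
char *sample_env[] = {
    "PATH=/usr/bin", "LD_PRELOAD=/tmp/x.so", "TERM=xterm",
    "IFS= ", "LD_LIBRARY_PATH=/tmp", NULL
};

/* Hypothetical allow-list: keep only entries with these prefixes. */
static int keep_var(const char *entry)
{
    static const char *const allowed[] = { "PATH=", "TERM=", "LANG=" };
    for (size_t i = 0; i < sizeof allowed / sizeof allowed[0]; i++)
        if (strncmp(entry, allowed[i], strlen(allowed[i])) == 0)
            return 1;
    return 0;
}

/* Compact envp in place, then clear the slots left between the write
 * and read cursors. Returns the number of slots cleared. */
size_t scrub_env(char **envp)
{
    char **envp_read = envp, **envp_write = envp;

    for (; *envp_read != NULL; envp_read++)
        if (keep_var(*envp_read))
            *envp_write++ = *envp_read;

    /* Pointer subtraction gives an element count (ptrdiff_t) at full
     * pointer width; multiplying by the element size gives memset's
     * byte count. No pointer-to-integer cast is involved.
     * Assumption: all-bits-zero is a null pointer on the target. */
    size_t stale = (size_t)(envp_read - envp_write);
    memset(envp_write, 0, stale * sizeof *envp_read);
    return stale;
}

int main(void)
{
    return scrub_env(sample_env) == 3 ? 0 : 1;
}
```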