bug-ghostscript

Re : "possible bugs in ghostscript-7.0.5"


From: Olatunji Oluwabukunmi Ruwase
Subject: Re : "possible bugs in ghostscript-7.0.5"
Date: Sun, 4 May 2003 08:04:11 -0700 (PDT)

Hi,
 I am working on a bounds checking patch to gcc. While testing the checker
on ghostscript-7.0.5, I encountered the following problems (bugs?),
which the checker flagged as errors.

1. Use of strcpy with overlapping strings in src/gsiodev.c:193
2. Use of memcpy with overlapping locations in src/idparam.c:234
In both cases the pointers involved referenced the same location so
nothing bad happened, but these uses are unsafe.
3. In a certain call of scan_token() function in src/iscan.c the cursor
field of the stream argument s has the following values
  (gdb) p s->cursor.r
  $1 = {ptr = 0x1 <Address 0x1 out of bounds>,
  limit = 0xffffffff <Address 0xffffffff out of bounds>,
  _skip = 0xffffffff <Address 0xffffffff out of bounds>}
The local variables of scan_token(), sptr (initialised to s->cursor.r.ptr)
and endptr (initialised to s->s.cursor.r.ptr), are subsequently used in a
comparison operation => 0x1 >= 0xffffffff. The checker flags this
comparison operation as an error, since these are not generally
safe/legal pointer values. But it is possible that this is an idiom specific to
this program which is correctly handled. I would appreciate it if you could
shed more light on these issues.
Thanks

tunji
P.S. The link on the package webpage to the 7.0.6 release is broken; also, the
release isn't in the ftp.gnu.org/gnu/ghostscript directory.
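
Items 1 and 2 of the message above concern strcpy/memcpy calls whose source and destination overlap. The following is an added example, not part of the original message and not Ghostscript or gcc-checker code: a sketch of an overlap test for a copy request and a wrapper that stays defined when the regions coincide or overlap. All function and enum names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* How the destination and source of an n-byte copy relate. */
enum copy_kind { COPY_DISJOINT, COPY_SAME, COPY_OVERLAP };

/* Addresses are compared as integers: relational comparison of pointers
   into different objects is itself undefined in ISO C. */
enum copy_kind classify_copy(const void *dst, const void *src, size_t n)
{
    uintptr_t d = (uintptr_t)dst, s = (uintptr_t)src;

    if (n == 0)
        return COPY_DISJOINT;          /* nothing is read or written */
    if (d == s)
        return COPY_SAME;              /* the case reported in items 1 and 2 */
    if (d < s)
        return (s - d < n) ? COPY_OVERLAP : COPY_DISJOINT;
    return (d - s < n) ? COPY_OVERLAP : COPY_DISJOINT;
}

/* Drop-in for memcpy: memcpy is undefined for overlapping regions,
   so skip the no-op copy and fall back to memmove on partial overlap. */
void *copy_bytes(void *dst, const void *src, size_t n)
{
    switch (classify_copy(dst, src, n)) {
    case COPY_SAME:    return dst;
    case COPY_OVERLAP: return memmove(dst, src, n);
    default:           return memcpy(dst, src, n);
    }
}

/* Drop-in for strcpy: the copied length includes the terminating NUL. */
char *copy_string(char *dst, const char *src)
{
    return copy_bytes(dst, src, strlen(src) + 1);
}

int main(void)
{
    char buf[16] = "abcdefgh";         /* constructed sample data */

    printf("same=%d\n", classify_copy(buf, buf, 8) == COPY_SAME);
    copy_bytes(buf + 2, buf, 4);       /* partial overlap, handled by memmove */
    printf("%s\n", buf);
    return 0;
}
```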




