[bug #43569] Fix for compile warnings with gcc 4.6.3


From: Ingo Schwarze
Subject: [bug #43569] Fix for compile warnings with gcc 4.6.3
Date: Mon, 10 Nov 2014 23:24:51 +0000
User-agent: Mozilla/5.0 (X11; OpenBSD i386; rv:33.0) Gecko/20100101 Firefox/33.0

Follow-up Comment #2, bug #43569 (project groff):

To reinforce my previous comment, i just did some actual code auditing, and
there do appear to be bugs that these bogus patches are going to hide.

For example, with respect to the second chunk (changing font.cpp), if a DESC
file contains a "papersize" line where the referenced file cannot be read, the
fgets() call touched here will fail, return NULL, and the content of the
"line" buffer will remain undefined.  Consequently, the following strchr()
call may read off the end of the buffer, possibly resulting in a segfault or
data corruption.  Besides, if the file is readable but of length zero, fgets()
will set line[0] to '\0' and the subsequent "if (*(--linep) == '\n') *linep =
'\0';" is both an out of bounds read and a write access, possibly causing a
different segfault or data corruption.  Not 100% sure as this is just from
code inspection, but the code really doesn't look correct at all.

So i strongly urge you to not commit these dangerous patches and instead fix
the actual bugs.  Right now, i'm not going to do the required work as i have
other work to do, sorry.

NEVER change code to appease the compiler, only use compiler warnings as hints
where to look for bugs, THEN FIX THE BUGS.


Reply to this item at:

  <http://savannah.gnu.org/bugs/?43569>
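The two defects described in the comment above, shown side by side as an added example (this is not groff's font.cpp and not code from the bug report; the unsafe function is a reconstruction of the pattern discussed, and all function names here are this example's own). The unsafe version ignores the fgets() result and decrements the pointer unconditionally; the hardened version checks the result, guards the decrement, and reports failure instead of scanning an undefined buffer:

```c
#include <stdio.h>
#include <string.h>

/* Pattern under discussion (reconstruction for illustration, not groff's code):
   the fgets() result is ignored, so when it fails `line` is scanned while
   uninitialised, and on an empty first line --linep steps before line[0].
   Kept only for contrast; it is never called by the driver below. */
void unsafe_first_line(FILE *f, char *line, size_t len)
{
    char *linep;
    (void)fgets(line, (int)len, f);      /* result discarded: the first defect */
    linep = strchr(line, '\0');          /* may run past the buffer if fgets failed */
    if (*(--linep) == '\n')              /* out-of-bounds if line[0] == '\0' */
        *linep = '\0';
}

/* Hardened version. Returns 1 when a non-empty first line was copied into
   `out` (trailing newline stripped), 0 for a missing stream, a read failure
   or an empty first line; on 0 `out` is always the empty string. */
int safe_first_line(FILE *f, char *out, size_t outlen)
{
    size_t n;

    if (f == NULL || out == NULL || outlen < 2)
        return 0;
    out[0] = '\0';

    /* fgets() returns NULL on EOF or error; the buffer must not be trusted then. */
    if (fgets(out, (int)outlen, f) == NULL) {
        out[0] = '\0';
        return 0;
    }

    n = strlen(out);
    /* Guarded decrement: only look at out[n - 1] when n > 0. */
    if (n > 0 && out[n - 1] == '\n')
        out[--n] = '\0';

    return n > 0;
}

/* Helper for self-contained runs: a readable stream holding constructed content,
   standing in for a papersize file named by a DESC line. */
FILE *stream_from(const char *content)
{
    FILE *f = tmpfile();
    if (f == NULL)
        return NULL;
    fputs(content, f);
    rewind(f);
    return f;
}

int main(void)
{
    char buf[64];
    FILE *f;

    f = stream_from("letter\n");                                   /* normal file */
    printf("%d \"%s\"\n", safe_first_line(f, buf, sizeof buf), buf);
    fclose(f);

    f = stream_from("");                                           /* zero-length file */
    printf("%d \"%s\"\n", safe_first_line(f, buf, sizeof buf), buf);
    fclose(f);

    printf("%d\n", safe_first_line(NULL, buf, sizeof buf));        /* unreadable file */
    return 0;
}
```

The zero-length and unreadable cases are exactly the inputs on which the unsafe pattern reads or writes outside `line`; the hardened reader turns both into an ordinary failure return that the caller can report.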
