[TAG] Compliments to you all.
Tom Brown
tfbrown at dejazzd.com
Sat Jun 5 04:39:38 MSD 2004
>| for (i = 0; i <= SIZE && p1[i] != '\0'; i++)
>| buf1[i] = p1[i];
>
> Blimey! That for loop is not being terminated correctly, where buf1 is
> concerned. Plus it is iterating SIZE+1 times.
>
Ben,
Whoops, I was looking at the wrong argument. Thomas is right. The
"for" loop runs one time too many. It shouldn't have been "i<= SIZE",
since the buffer array actually goes from zero to SIZE-1, and the result
hammers the next byte in memory, "buf1[SIZE]". Voila! Buffer overrun due
to another Stupid Coding Trick (forgetting the "minus one" max offset),
and you get an input too big for the bucket.
No Excuse: I've been using Object Pascal for the last 7 years, which
doesn't have any of C's craziness. How quickly I forgot all that pain
and suffering!
Tom Brown.
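
The off-by-one discussed in this thread, shown next to a bounded version. This is an added example, not code from the original message. SIZE = 8, the guard byte, the function names and the input string are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define SIZE 8          /* assumed value; the thread does not give SIZE */
#define GUARD 0x5A      /* sentinel standing in for "the next byte in memory" */

/* The loop as quoted in the thread: it can write SIZE+1 bytes and never
 * stores a terminating NUL. Returns the number of bytes written. */
static size_t copy_quoted(char *buf1, const char *p1)
{
    size_t i;
    for (i = 0; i <= SIZE && p1[i] != '\0'; i++)
        buf1[i] = p1[i];
    return i;
}

/* Bounded loop: stops at SIZE-1 so the NUL always fits inside buf1.
 * Returns 0 if the whole string fit, -1 if it was truncated. */
static int copy_bounded(char *buf1, const char *p1)
{
    size_t i;
    for (i = 0; i < SIZE - 1 && p1[i] != '\0'; i++)
        buf1[i] = p1[i];
    buf1[i] = '\0';
    return p1[i] == '\0' ? 0 : -1;
}

/* Copies into the first SIZE bytes of a SIZE+1 arena and reports whether
 * the guard at offset SIZE survived (1) or was overwritten (0). The arena
 * keeps the stray write inside a real object, so the demo is well defined. */
static int guard_intact(int use_quoted, const char *input)
{
    char arena[SIZE + 1];
    memset(arena, 0, sizeof arena);
    arena[SIZE] = GUARD;
    if (use_quoted)
        copy_quoted(arena, input);
    else
        copy_bounded(arena, input);
    return (unsigned char)arena[SIZE] == GUARD;
}

int main(void)
{
    const char *input = "AAAAAAAAAAAA";   /* constructed: 12 bytes > SIZE */
    printf("quoted loop : guard %s\n", guard_intact(1, input) ? "intact" : "clobbered");
    printf("bounded loop: guard %s\n", guard_intact(0, input) ? "intact" : "clobbered");
    return 0;
}
```

An input of exactly SIZE characters leaves the guard alone under the quoted loop but fills buf1 with no NUL terminator, which is the other defect pointed out in the quoted reply.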