[TAG] Compliments to you all.
tfbrown at dejazzd.com
Sat Jun 5 04:39:38 MSD 2004
>| for (i = 0; i <= SIZE && p1[i] != '\0'; i++)
>| buf1[i] = p1[i];
> Blimey! That for loop is not being terminated correctly, where buf1 is
> concerned. Plus it is iterating SIZE+1 times.
Whoops, I was looking at the wrong argument. Thomas is right. The
"for" loop runs one time too many. It shouldn't have been "i<= SIZE",
since the buffer array actually goes from zero to SIZE-1, and the result
hammers the next byte in memory, "buf1[SIZE]". Voila! Buffer overrun due
to another Stupid Coding Trick (forgetting the "minus one" max offset),
and you get an input too big for the bucket.
No Excuse: I've been using Object Pascal for the last 7 years, which
doesn't have any of C's craziness. How quickly I forgot all that pain
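The off-by-one discussed in this message, as an added example that is not part of the original post: the quoted loop is run against a buffer followed by a guard byte, next to a bounded form that also terminates the copy. SIZE = 8, the guard value and the function names copy_as_posted, copy_bounded and guard_clobbered are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define SIZE  8      /* assumed; the post does not give the value of SIZE */
#define GUARD 0x5A   /* constructed marker for the byte just past buf1 */

/* The loop quoted in the post, unchanged: i runs 0..SIZE, no terminator. */
static void copy_as_posted(char *buf1, const char *p1)
{
    int i;
    for (i = 0; i <= SIZE && p1[i] != '\0'; i++)
        buf1[i] = p1[i];
}

/* Bounded form: at most SIZE-1 bytes copied, then a terminator.
   Returns 1 when the input had to be truncated. */
static int copy_bounded(char *buf1, const char *p1)
{
    int i;
    for (i = 0; i < SIZE - 1 && p1[i] != '\0'; i++)
        buf1[i] = p1[i];
    buf1[i] = '\0';
    return p1[i] != '\0';
}

/* Copy into a SIZE-byte buffer that is followed by one guard byte.
   backing[] is SIZE+1 long, so the stray write stays inside a real object.
   Returns 1 if the guard byte (index SIZE) was overwritten. */
static int guard_clobbered(int use_posted, const char *input)
{
    char backing[SIZE + 1];
    memset(backing, GUARD, sizeof backing);
    if (use_posted)
        copy_as_posted(backing, input);
    else
        (void)copy_bounded(backing, input);
    return backing[SIZE] != GUARD;
}

int main(void)
{
    const char *nine = "123456789";   /* constructed input, SIZE+1 characters */
    printf("posted loop clobbers guard:  %d\n", guard_clobbered(1, nine));
    printf("bounded loop clobbers guard: %d\n", guard_clobbered(0, nine));
    return 0;
}
```

An input of exactly SIZE characters leaves the guard intact with the posted loop but still leaves buf1 unterminated, which is the other defect pointed out in the quoted reply.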