Re: [Nano-devel] ready for testing: nano-1.3.8pre2

[Mike Frysinger]

On Tuesday 28 June 2005 11:37 am, David Lawrence Ramsey wrote:
>  >so as HTB correctly points out, if i give *int to parse_num who
>  >dereferences it as a *ssize_t, it will clobber 4 bytes of memory :/
>
> I was eventually meaning to convert filestruct line numbers to ssize_t's
> anyway, so I just moved that and related type changes up the timetable a
> bit.  Does current CVS work for you?

nope ... the current one suffers from the same issue ... only difference is 
the memory that is being clobbered has moved ;)

void do_gotolinecolumn(int line, ssize_t column, bool use_answer
...
    if (!parse_line_column(answer, &line, &column) || line < 1 ||
...

so you're prob clobbering the column memory on the stack

> I do that because strncmp(s1, s2, (size_t)-1) should be equivalent to
> strcmp(s1, s2).  Both of them stop running once they encounter a
> differing character and/or a null terminator in either the first or both
> strings (cf. glibc CVS, uClibc CVS, nstrcasecmp() and nstrncasecmp() in
> chars.c), so there shouldn't be any problem, since both strings are
> properly null-terminated.

fair enough ... HTB checks the arguments when the func is first called rather 
than seeing if the func misbehaves in the process ...
-mike