[SCM] Samba Shared Repository - branch master updated
Volker Lendecke
vlendec at samba.org
Sat Oct 2 03:17:13 MDT 2010
The branch, master has been updated
via fc6e910 s3: Fix a 64-bit BUG
from ed5e05a bisect: more bisection options
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit fc6e910e69f49cd482966eb9af3f27c0b65bcf4b
Author: Volker Lendecke <vl at samba.org>
Date: Sat Oct 2 11:13:34 2010 +0200
s3: Fix a 64-bit BUG
Quick explanation why this is a problem:
It is not safe to pass a pointer to a uint32_t into a routine that expects
a size_t *. The routine that this pointer is passed to has no chance to find
out that in reality it was passed a pointer to a uint32_t. On platforms where
sizeof(size_t)==8, we get a nice overwrite of a stack area that should not
be overwritten.
As this happens over an over again: Does someone know a means to make gcc
stop with an error in this case?
Volker
-----------------------------------------------------------------------
Summary of changes:
lib/util/asn1.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/util/asn1.c b/lib/util/asn1.c
index c492334..7e37fbc 100644
--- a/lib/util/asn1.c
+++ b/lib/util/asn1.c
@@ -1011,7 +1011,7 @@ NTSTATUS asn1_full_tag(DATA_BLOB blob, uint8_t tag, size_t *packet_size)
NTSTATUS asn1_peek_full_tag(DATA_BLOB blob, uint8_t tag, size_t *packet_size)
{
struct asn1_data asn1;
- uint32_t size;
+ size_t size;
bool ok;
ZERO_STRUCT(asn1);
--
Samba Shared Repository
More information about the samba-cvs
mailing list