
List:       kde-core-devel
Subject:    Re: Suspicous code in kdelibs-3.5.2
From:       "Christoph Bartoschek" <bartoschek () gmx ! de>
Date:       2006-04-05 18:45:13
Message-ID: 8974.1144262713 () www094 ! gmx ! net


> > - kdefx/kpixmap.cpp:62
> >
> > i+n easily reaches the array bound 16. For example if n == 15 and i ==
> > 14, then bm[29][0] is accessed. This is way behind the array bound.
> 
> false positive. it's a 16x16 array and the code is taking advantage of the
> fact that it's contiguous memory... so bm[29] is actually the 15th element
> in the second "row"... fun.

I guess you mean bm[29][0], because bm[29] = 1 gives a compiler error:

No. The 15th element in the second row would be bm[0][29].
For an array[16][16] the position bm[i][j] is equal to *(bm + i*16+j).
Here is code that shows the fact:

#include <iostream>

// Print the 16x16 array, one row per line.
void print(int arr[16][16]) {
    for (int i = 0; i != 16; ++i) {
        for (int j = 0; j != 16; ++j) {
            std::cout << arr[i][j];
        }
        std::cout << "\n";
    }
}

int main() {
    int arr[16][16];

    // Zero the whole array.
    for (int i = 0; i != 16; ++i)
        for (int j = 0; j != 16; ++j)
            arr[i][j] = 0;

    // Row index 29 with 16 rows: element offset 29*16 + 0 = 464.
    arr[29][0] = 1;
    std::cout << "\nAfter arr[29][0] = 1\n\n";
    print(arr);

    // Column index 29 in row 0: element offset 0*16 + 29 = 29.
    arr[0][29] = 1;
    std::cout << "\nAfter arr[0][29] = 1\n\n";
    print(arr);
}


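Added example, not part of the original message or of kdelibs: a bounds classifier and checked accessor for a 16x16 int array, using the i*16+j offset rule from the message. All names are hypothetical, and the 0..15 ranges for i and n in the last function are an assumption, since the thread only mentions n == 15 and i == 14.

```cpp
#include <cstddef>
#include <iostream>

// Constructed stand-in for the 16x16 array discussed in the thread.
constexpr std::size_t kRows = 16, kCols = 16;

enum class Access { InBounds, AliasesOtherRow, OutsideArray };

// Element offset that arr[i][j] resolves to in contiguous storage.
constexpr std::size_t flat_offset(std::size_t i, std::size_t j) {
    return i * kCols + j;
}

// Classify an index pair without risking overflow in the offset arithmetic.
constexpr Access classify(std::size_t i, std::size_t j) {
    if (i >= kRows) return Access::OutsideArray;   // offset >= 256 for any j
    if (j < kCols) return Access::InBounds;
    // Column overrun: still inside the 256 elements only if j stays
    // below the number of elements remaining from row i onwards.
    if (j < (kRows - i) * kCols) return Access::AliasesOtherRow;
    return Access::OutsideArray;
}

// Checked accessor: nullptr unless both indices are within their own bounds.
inline int* checked_at(int (&arr)[kRows][kCols], std::size_t i, std::size_t j) {
    return classify(i, j) == Access::InBounds ? &arr[i][j] : nullptr;
}

// Count (i, n) pairs for which arr[i + n][0] would fall outside the array.
// Assumption: i and n each range over 0..15.
constexpr std::size_t count_outside_row_sum() {
    std::size_t bad = 0;
    for (std::size_t i = 0; i < kRows; ++i)
        for (std::size_t n = 0; n < kRows; ++n)
            if (classify(i + n, 0) == Access::OutsideArray) ++bad;
    return bad;
}

int main() {
    std::cout << "offset of [29][0]: " << flat_offset(29, 0) << "\n"
              << "offset of [0][29]: " << flat_offset(0, 29) << "\n"
              << "(i, n) pairs outside the array: "
              << count_outside_row_sum() << " of " << kRows * kRows << "\n";
}
```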