[prev in list] [next in list] [prev in thread] [next in thread] 

List:       wireshark-bugs
Subject:    [Wireshark-bugs] [Bug 5686] /epan/emem.c Fails to Check Entire ep_
From:       bugzilla-daemon () wireshark ! org
Date:       2011-02-25 3:20:42
Message-ID: 20110225032042.2D3F44BB99 () mail ! wireshark ! org
[Download RAW message or body]

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5686

Jeff Morriss <jeff.morriss.ws@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |jeff.morriss.ws@gmail.com
         Resolution|                            |INVALID

--- Comment #1 from Jeff Morriss <jeff.morriss.ws@gmail.com> 2011-02-24 19:20:40 PST ---
That 8th byte is usually NULL to serve as a separator between the canary and
the pointer to the next canary: you can see how it is used at the end of
emem_alloc_chunk().

I added a (hopefully explanatory) comment in rev 36065.

(If you make the change you proposed, you'll find that memory corruption is
always detected--because we end up comparing the NULL separator to the random
canary value.)

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
___________________________________________________________________________
Sent via:    Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives:    http://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://wireshark.org/mailman/options/wireshark-bugs
             mailto:wireshark-bugs-request@wireshark.org?subject=unsubscribe
[prev in list] [next in list] [prev in thread] [next in thread]