[prev in list] [next in list] [prev in thread] [next in thread]
List: wireshark-bugs
Subject: [Wireshark-bugs] [Bug 5686] /epan/emem.c Fails to Check Entire ep_
From: bugzilla-daemon () wireshark ! org
Date: 2011-02-25 3:20:42
Message-ID: 20110225032042.2D3F44BB99 () mail ! wireshark ! org
[Download RAW message or body]
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5686
Jeff Morriss <jeff.morriss.ws@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
CC| |jeff.morriss.ws@gmail.com
Resolution| |INVALID
--- Comment #1 from Jeff Morriss <jeff.morriss.ws@gmail.com> 2011-02-24 19:20:40 PST ---
That 8th byte is usually NULL to serve as a separator between the canary and
the pointer to the next canary: you can see how it is used at the end of
emem_alloc_chunk().
I added a (hopefully explanatory) comment in rev 36065.
(If you make the change you proposed, you'll find that memory corruption is
always detected--because we end up comparing the NULL separator to the random
canary value.)
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
___________________________________________________________________________
Sent via: Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives: http://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://wireshark.org/mailman/options/wireshark-bugs
mailto:wireshark-bugs-request@wireshark.org?subject=unsubscribe
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic