One of the rare examples of code incompatible with _FORTIFY_SOURCE=2 (with a fortified implementation of memcmp): https://android.googlesource.com/platform/system/bt/+/android-6.0.1_r10/stack/sdp/sdp_utils.c#795 ….
Replying to @CopperheadOS
The buffer size is trivially known at compile-time in this case so they had already found it with coverity and marked the false positive.
Replying to @CopperheadOS
@CopperheadSec Is that comment saying that it's fine passing a 3rd argument too large because the buffers will differ before the OOB?
Replying to @volatile_void
@spun_off The issue is that the object isn't big enough itself but it's contained within a buffer that's large enough so it's well-defined.
Replying to @CopperheadOS
@CopperheadSec @spun_off 1. How can you be sure that the buffer is large enough? Is the offset always 0? Then the function looks strange.
Replying to @ch3root
@CopperheadSec @spun_off If the offset is not 0, how do you know there is enough space left?
Replying to @ch3root
@CopperheadSec @spun_off 2. I don't think you can as easily claim that this code is well-defined. By that logic "int a[4][5]; a[1][7]" is\
@ch3root @CopperheadSec @spun_off I also don't understand the comment. For memcmp(s1, s2, n), both s1[n-1] and s2[n-1] must be valid.