[patch] bus error in gcry_free
Christian Biere
christianbiere at gmx.de
Thu Feb 1 16:24:11 CET 2007
Werner Koch wrote:
> On Thu, 1 Feb 2007 14:34, christianbiere at gmx.de said:
>
> > This patch is nonsense. It may work if you cast to size_t or unsigned long.
>
> Huh?
>
>   return (pool_okay
>           && p >= pool
>           && p < (const void*)((const char*)pool+pool_size));
>
If p points into the pool or just one byte after it, everything is fine and
well-defined. Otherwise, the behaviour of this code is completely undefined.
A compiler may optimize this into this:
    return pool_okay && p != (const void*)((const char*)pool+pool_size);
That's probably not what you meant.
> I agree that the casts are not required but they don't harm either.
> Actually I committed this:
>   int
>   _gcry_private_is_secure (const void *p)
>   {
>     return (pool_okay
>             && p >= pool
>             && p < pool+pool_size);
>   }
Then you've been GCCed. Pointer arithmetic with "void *" is not covered by
any C standard and usually GCC warns about this.
> ((char*)((memblock_t*) ((char*)p - BLOCK_HEAD_SIZE)) - (char*)pool)
> < pool_size
>
> As you can see we can easily get an address wrap here:
Yes, that's obviously wrong too.
--
Christian
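
Added example, not code from this thread or from libgcrypt: one way to write the range check on integer addresses, as the message suggests, so that no out-of-range pointer comparison or "void *" arithmetic takes place. It uses uintptr_t where the message names size_t or unsigned long, and assumes a flat address space in which the (implementation-defined) pointer-to-integer conversion preserves ordering; demo_pool, is_secure_addr and block_offset are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed stand-ins for the pool variables in the quoted code. */
static unsigned char demo_pool[4096];
static void *pool = demo_pool;
static size_t pool_size = sizeof demo_pool;
static int pool_okay = 1;

/* Range check on integer addresses.  Relational operators on pointers
   are only defined within one object (or one past its end), so the
   pointers are converted before any comparison is made. */
int
is_secure_addr (const void *p)
{
  uintptr_t a = (uintptr_t) p;
  uintptr_t base = (uintptr_t) pool;

  /* a - base cannot wrap once a >= base holds, and comparing the
     offset with pool_size avoids ever forming base + pool_size. */
  return pool_okay && a >= base && (a - base) < pool_size;
}

/* Hypothetical helper for the block-header expression quoted above:
   refuse to subtract head_size unless the result stays in the pool. */
int
block_offset (const void *p, size_t head_size, size_t *off)
{
  uintptr_t a = (uintptr_t) p;
  uintptr_t base = (uintptr_t) pool;

  if (!pool_okay || a < base || (a - base) >= pool_size)
    return 0;                   /* p is not inside the pool */
  if ((a - base) < head_size)
    return 0;                   /* header would start before the pool */
  *off = (size_t) (a - base) - head_size;
  return 1;
}

int
main (void)
{
  int outside = 0;              /* an object that is not in the pool */
  size_t off = 0;

  return !(is_secure_addr (demo_pool + 100)
           && !is_secure_addr (&outside)
           && !block_offset (demo_pool + 8, 16, &off));
}
```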