User: james Date: 05/03/29 04:53:05 Modified: xemacs/src ChangeLog dumper.c Log: Fix off-by-one error possibly causing backtrace overflow. See xemacs-patches message with ID <psbr954s83.fsf(a)diannao.ittc.ku.edu&gt;. Revision Changes Path 1.817 +7 -0 XEmacs/xemacs/src/ChangeLog Index: ChangeLog =================================================================== RCS file: /pack/xemacscvs/XEmacs/xemacs/src/ChangeLog,v retrieving revision 1.816 retrieving revision 1.817 diff -u -p -r1.816 -r1.817 --- ChangeLog 2005/03/25 16:34:57 1.816 +++ ChangeLog 2005/03/29 02:52:42 1.817 ＠＠ -1,3 +1,10 ＠＠ +2005-03-26 Jerry James <james(a)xemacs.org&gt; + + * dumper.c (BACKTRACE_MAX): New constant defining length of static + backtrace array. + * dumper.c (pdump_bump_depth): Use it, and avoid buffer overflow + by fixing comparison. + 2005-02-24 Andrey Slusar <anrays(a)gmail.com&gt; * unexelf.c: define `Elfw(type)' for FreeBSD alpha and amd64. 1.26 +4 -2 XEmacs/xemacs/src/dumper.c Index: dumper.c =================================================================== RCS file: /pack/xemacscvs/XEmacs/xemacs/src/dumper.c,v retrieving revision 1.25 retrieving revision 1.26 diff -u -p -r1.25 -r1.26 --- dumper.c 2005/02/04 03:01:20 1.25 +++ dumper.c 2005/03/29 02:52:50 1.26 ＠＠ -520,12 +520,14 ＠＠ pdump_find_in_cv_ptr_dynarr(const void * return 0; } +#define BACKTRACE_MAX 65536 + static struct { struct lrecord_header *obj; int position; int offset; -} backtrace[65536]; +} backtrace[BACKTRACE_MAX]; static int pdump_depth; ＠＠ -568,7 +570,7 ＠＠ static void pdump_bump_depth (void) { int me = pdump_depth++; - if (me > 65536) + if (me >= BACKTRACE_MAX) { stderr_out ("Backtrace overflow, loop ?\n"); ABORT ();