#6990: [runtime_loader] possible out-of-bounds array access
-------------------------------------+------------------------
   Reporter:  korli                  |       Owner:  bonefish
       Type:  bug                    |      Status:  new
   Priority:  normal                 |   Milestone:  R1
  Component:  System/runtime_loader  |     Version:  R1/alpha2
   Keywords:                         |  Blocked By:
Has a Patch:  0                      |    Platform:  All
   Blocking:                         |
-------------------------------------+------------------------
Beginning in r31115:
http://svn.berlios.de/viewcvs/haiku/haiku/trunk/src/system/runtime_loader/images.cpp?r1=31113&r2=31115

in map_image(), when i is zero, an uninitialized loadAddress is used (CID 1972) and image->regions[i - 1] is accessed (i is unsigned).

{{{
for (uint32 i = 0; i < image->num_regions; i++) {
	// for BeOS compatibility: if we load an old BeOS executable, we
	// have to relocate it, if possible - we recognize it because the
	// vmstart is set to 0 (hopefully always)
	if (fixed && image->regions[i].vmstart == 0)
		fixed = false;

	uint32 regionAddressSpecifier;
	get_image_region_load_address(image, i,
		loadAddress - image->regions[i - 1].vmstart, fixed,
		loadAddress, regionAddressSpecifier);
	if (i == 0) {
		reservedAddress = loadAddress;
		addressSpecifier = regionAddressSpecifier;
	}
}}}

--
Ticket URL: <http://dev.haiku-os.org/ticket/6990>
Haiku <http://dev.haiku-os.org>
Haiku - the operating system.
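The following is an added illustration of the defect class the ticket describes, not code from Haiku's runtime_loader. It uses constructed stand-in Region/Image types (hypothetical, not the loader's real structures) and a bounds-counting accessor to show that with an unsigned loop counter, `regions[i - 1]` at i == 0 indexes with UINT32_MAX, and how a guarded walk that only consults the previous region when one exists, and initialises loadAddress before use, avoids both the out-of-bounds read and the uninitialized value.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// Constructed stand-ins for the loader's image/region structures (hypothetical,
// not Haiku's real types): just enough to reproduce the indexing pattern.
struct Region {
	uint32_t vmstart;
	uint32_t size;
};

struct Image {
	std::vector<Region> regions;
	size_t oobReads = 0;   // how many reads fell outside the region table

	// Bounds-checked accessor: instead of dereferencing past the end, it
	// records the violation and hands back a dummy region.
	const Region& region(uint32_t index)
	{
		static const Region dummy = {0, 0};
		if (index >= regions.size()) {
			oobReads++;
			return dummy;
		}
		return regions[index];
	}
};

// The index the unguarded code actually evaluates for regions[i - 1].
// With i unsigned, i == 0 wraps to UINT32_MAX rather than -1.
uint32_t previous_region_index(uint32_t i)
{
	return i - 1;
}

// Mirrors the ticket's loop: regions[i - 1] is read unconditionally, so the
// very first iteration indexes with UINT32_MAX. Returns the number of
// out-of-bounds reads the walk produced.
size_t walk_unguarded(Image& image, uint32_t slide)
{
	image.oobReads = 0;
	uint32_t loadAddress = 0;
	for (uint32_t i = 0; i < image.regions.size(); i++) {
		uint32_t delta = loadAddress
			- image.region(previous_region_index(i)).vmstart;
		(void)delta;
		// simulate the load address the previous iteration would have produced
		loadAddress = image.region(i).vmstart + slide;
	}
	return image.oobReads;
}

// Hardened variant: the previous region is consulted only when one exists,
// and loadAddress is initialised before its first use. Returns the per-region
// delta (0 for the first region, the slide for every later one).
std::vector<uint32_t> walk_guarded(Image& image, uint32_t slide)
{
	image.oobReads = 0;
	std::vector<uint32_t> deltas;
	uint32_t loadAddress = 0;
	for (uint32_t i = 0; i < image.regions.size(); i++) {
		uint32_t delta = 0;
		if (i > 0)
			delta = loadAddress - image.region(i - 1).vmstart;
		loadAddress = image.region(i).vmstart + slide;
		deltas.push_back(delta);
	}
	return deltas;
}

// Constructed three-region sample image (values are made up for the example).
Image make_sample_image()
{
	Image image;
	image.regions = {{0x1000, 0x1000}, {0x3000, 0x2000}, {0x6000, 0x1000}};
	return image;
}

int main()
{
	Image image = make_sample_image();
	printf("regions[i - 1] at i == 0 reads index 0x%08x\n",
		previous_region_index(0));
	printf("unguarded walk: %zu out-of-bounds read(s)\n",
		walk_unguarded(image, 0x100));
	std::vector<uint32_t> deltas = walk_guarded(image, 0x100);
	printf("guarded walk: %zu out-of-bounds read(s), deltas:", image.oobReads);
	for (uint32_t d : deltas)
		printf(" 0x%x", d);
	printf("\n");
	return 0;
}
```

The counting accessor stands in for what a real loader would do silently: read whatever happens to sit at `regions + 0xFFFFFFFF * sizeof(Region)`, which in the real code feeds an attacker-influenced vmstart into the load-address computation. The guard `if (i > 0)` is the minimal change; the same effect is obtained by hoisting the i == 0 case out of the loop so the first region's load address is computed without reference to a previous one.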