[haiku-bugs] [Haiku] #6990: [runtime_loader] possible out of bound array access

  • From: "korli" <trac@xxxxxxxxxxxx>
  • Date: Thu, 16 Dec 2010 18:44:04 -0000

#6990: [runtime_loader] possible out of bound array access
-------------------------------------+------------------------
   Reporter:  korli                  |       Owner:  bonefish
       Type:  bug                    |      Status:  new
   Priority:  normal                 |   Milestone:  R1
  Component:  System/runtime_loader  |     Version:  R1/alpha2
   Keywords:                         |  Blocked By:
Has a Patch:  0                      |    Platform:  All
   Blocking:                         |
-------------------------------------+------------------------
 Beginning in r31115:
 
http://svn.berlios.de/viewcvs/haiku/haiku/trunk/src/system/runtime_loader/images.cpp?r1=31113&r2=31115

 in map_image(), when i is zero, an uninitialized loadAddress is used (CID
 1972) and image->regions[i - 1] is accessed (i is unsigned).

 {{{
 for (uint32 i = 0; i < image->num_regions; i++) {
     // for BeOS compatibility: if we load an old BeOS executable, we
     // have to relocate it, if possible - we recognize it because the
     // vmstart is set to 0 (hopefully always)
     if (fixed && image->regions[i].vmstart == 0)
         fixed = false;

     uint32 regionAddressSpecifier;
     get_image_region_load_address(image, i,
         loadAddress - image->regions[i - 1].vmstart, fixed,
         loadAddress, regionAddressSpecifier);
     if (i == 0) {
         reservedAddress = loadAddress;
         addressSpecifier = regionAddressSpecifier;
     }
 }}}

-- 
Ticket URL: <http://dev.haiku-os.org/ticket/6990>
Haiku <http://dev.haiku-os.org>
Haiku - the operating system.
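As an added illustration of the two defects the ticket describes (this is example code, not code from Haiku or from the reporter), the C below mirrors the index arithmetic of the quoted call and shows a guarded form of the delta computation; the region_t struct, the three-entry table, the load address and the helper names are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>

/* Constructed stand-in for the runtime_loader's region table: only the
   vmstart field the quoted loop reads is modelled (assumption). */
typedef struct {
    uint32_t vmstart;
} region_t;

/* Mirrors the index arithmetic of the quoted call. Because i is unsigned,
   i - 1 wraps to 0xFFFFFFFF for region 0, so the "previous region" lies far
   outside a table of num_regions entries. Returns 1 if that index is out
   of bounds for the table. */
int previous_region_index_is_oob(uint32_t i, uint32_t num_regions)
{
    uint32_t prev = i - 1;          /* wraps to UINT32_MAX when i == 0 */
    return prev >= num_regions;
}

/* Guarded replacement for the delta expression (hypothetical helper, not
   the project's fix). Region 0 has no predecessor, so it gets delta 0 and
   load_address is never read for it; any index outside the table is
   rejected with -1 instead of being dereferenced. */
int64_t region_delta(const region_t *regions, uint32_t num_regions,
                     uint32_t i, uint32_t load_address)
{
    if (regions == NULL || i >= num_regions)
        return -1;
    if (i == 0)
        return 0;
    return (int64_t)(uint32_t)(load_address - regions[i - 1].vmstart);
}

/* Constructed three-region table and load address used by delta_at(). */
static const region_t kRegions[3] = { {0x1000}, {0x2000}, {0x3000} };
#define K_LOAD_ADDRESS 0x10000u

/* Delta for region i of the constructed table; -1 if i is out of range. */
int64_t delta_at(uint32_t i)
{
    return region_delta(kRegions, 3, i, K_LOAD_ADDRESS);
}
```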