[Qt-interest] Analyze memory errors
Thiago Macieira
thiago at kde.org
Sat Jul 9 04:15:28 CEST 2011
On Saturday, 9 de July de 2011 00:17:46 Stefan Löffler wrote:
> b - n >= 2 * d->alloc / 3
> where b is the index of the first element, n is the number of elements
> to add, and d->alloc is the array size (I assume).
> Since n is (typically?) non-negative, this implies
> b >= 2 * d->alloc / 3
> Thus, the number of elements in the array, e-b, must be <= d->alloc / 3
> (otherwise they would not have fit into the array in the first place).
> Hence,
>
> ::memcpy(d->array, d->array + b, e * sizeof(void *));
>
> can copy at most d->alloc / 3 elements from somewhere >= 2*d->alloc / 3
> to the beginning of the array (so, into the range [0, d->alloc / 3]).
> This doesn't sound like overlapping memory regions to me...
>
> Of course, problems might arise with integer arithmetic for small
> arrays... But generally, I don't see a problem here, or am I missing
> something?
You're not. When I tried to get the patch in, we realised that the intention
was to never overlap.
> Could it be that memcpy() is called internally elsewhere?
That's why we need a testcase. The evidence is there of memcpy with
overlapping regions, but we can't find where from.
--
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
PGP/GPG: 0x6EF45358; fingerprint:
E067 918B B660 DBD1 105C 966C 33F5 F005 6EF4 5358
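Added example (not from this thread or from Qt's sources): a C model of the argument quoted above, plus the kind of instrumented copy that answers "we can't find where from". The guard is taken literally as `b - n >= 2 * alloc / 3` with C integer division; the copy is modelled, as the quoted reasoning reads it, as moving the `e - b` live elements from index `b` to index 0 of an `alloc`-slot array. Both that model and the `checked_copy`/`CHECKED_COPY` helper are assumptions of this example, not QListData's code. The enumeration confirms the "small arrays" remark: the only case the guard admits that overlaps is alloc = 1 with b = 0, where source and destination are the same slot.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 1 if the byte ranges [dst, dst+len) and [src, src+len) share any byte. */
int ranges_overlap(const void *dst, const void *src, size_t len)
{
    uintptr_t d = (uintptr_t)dst, s = (uintptr_t)src;
    if (len == 0)
        return 0;
    return d < s + len && s < d + len;
}

/* Debug-build stand-in for memcpy: an overlapping call is reported with its
 * call site, then completed with memmove so the program keeps running while
 * the offending caller is tracked down. Returns 1 when it fired. */
int checked_copy(void *dst, const void *src, size_t len, const char *site)
{
    if (ranges_overlap(dst, src, len)) {
        fprintf(stderr, "memcpy with overlapping regions at %s: dst=%p src=%p len=%zu\n",
                site, dst, src, len);
        memmove(dst, src, len);
        return 1;
    }
    memcpy(dst, src, len);
    return 0;
}
#define STR2(x) #x
#define STR(x) STR2(x)
/* Hypothetical macro: drop it in for ::memcpy in the suspect code to get file:line. */
#define CHECKED_COPY(dst, src, len) checked_copy((dst), (src), (len), __FILE__ ":" STR(__LINE__))

#define MAX_ALLOC 64
static void *model_array[MAX_ALLOC];

/* Model of the quoted compaction step (assumption: the e - b live elements at
 * [b, e) of an alloc-slot array are copied to index 0). 1 if the regions overlap. */
int compaction_overlaps(int b, int e)
{
    return ranges_overlap(model_array, model_array + b, (size_t)(e - b) * sizeof(void *));
}

/* Enumerate every (alloc, b, n, e) with min_alloc <= alloc <= max_alloc that
 * passes the quoted guard b - n >= 2 * alloc / 3 (integer division, as in C)
 * and count those whose copy overlaps. */
int count_overlapping_cases(int min_alloc, int max_alloc)
{
    int hits = 0;
    if (max_alloc > MAX_ALLOC)
        max_alloc = MAX_ALLOC;
    for (int alloc = min_alloc; alloc <= max_alloc; alloc++)
        for (int b = 0; b <= alloc; b++)
            for (int n = 0; n <= alloc; n++) {
                if (b - n < 2 * alloc / 3)
                    continue;               /* guard rejects this case */
                for (int e = b; e <= alloc; e++)
                    if (compaction_overlaps(b, e))
                        hits++;
            }
    return hits;
}

/* Self-check on a constructed buffer: an overlapping copy is flagged and the
 * memmove fallback still produces the right bytes ("abcdefg" -> "ababcdg"). */
int checked_copy_demo(void)
{
    char buf[8] = "abcdefg";
    int fired = CHECKED_COPY(buf + 2, buf, 4);
    return fired == 1 && memcmp(buf, "ababcdg", 8) == 0;
}

int main(void)
{
    printf("overlapping cases for alloc 1..64: %d (alloc >= 2 only: %d)\n",
           count_overlapping_cases(1, 64), count_overlapping_cases(2, 64));
    printf("checked copy demo: %s\n", checked_copy_demo() ? "ok" : "FAILED");
    return 0;
}
```

Running it prints one overlapping case in total and none for alloc >= 2, which is the quoted inequality argument checked mechanically rather than by hand; the alloc = 1 hit is the degenerate src == dst copy. The `CHECKED_COPY` wrapper is the practical half: Valgrind reports that some memcpy overlapped, but swapping the wrapper in at each candidate call site names the one that did.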