From: Wynn Fenwick (wynn.fenwickcgi.com)
Date: Tue May 13 2003 - 15:43:56 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Xeno nailed that one but here's something I wondered...

The program uses malloc() then iterates through each memory location,
assuming that malloc() would give them a contiguous block of memory.

> for (i = 0; i <= SIZE && p1[i] != '\0'; i++)
> buf1[i] = p1[i];

I believe there is an (incorrect) assumption that the memory returned
by malloc() on Win32 is contiguous, unlike some UNIX boxen? Is there a
neato non-portability vulnerability created by iterating through the
string elements this way? or is it only vulnerable if you do something
like this:

  char* p;
  p = &buf1;
  while (*p != '\0') buf1[i++] = *p++;

Wow... I haven't written C in a long time... I hope I don't embarrass
myself...

W

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]