On Thu, Oct 4, 2012 at 4:34 AM, Stephan Bergmann <sbergman@redhat.com> wrote:
> Given that "it is an error for X to happen" and "if X happens, behaviour is
> undefined" have exactly the same meaning (at least in my understanding of
> computing), I wonder whether this is just a harmless rephrasing, or whether
> there is a deeper misunderstanding lurking there.
In my mind there is a distinction:

If an API declares that something is 'an error', I expect it to give a
return code, an exception, a signal... something bad.

If something is said to be 'undefined', then the call can do anything,
including nothing or returning a random result...

Note how the original code above prevented problems with overflowing
beginIndex + count.

The only exploitable way to misuse that would be to be able to read
past the input and into memory that contains sensitive / secret
information... and being able to disclose it that way...
Although not impossible, it is hard to conceive of a scenario where that
would lead to a practical exploit.
(By contrast, a write overflow is much more likely to lead to a
practical exploit.)
Norbert
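An added illustration of the `beginIndex + count` overflow Norbert refers to (example code, not from the thread or from LibreOffice): the naive check adds the two values and can wrap around, while the subtraction form cannot. Unsigned `std::size_t` is used so the wrap is observable; with signed indices such as LibreOffice's sal_Int32 the addition would be undefined behaviour instead, and the same rewrite (plus rejecting negatives) applies.

```cpp
#include <cstddef>
#include <limits>
#include <stdexcept>
#include <string>

// Naive range check: beginIndex + count can wrap around for a large count,
// so a request that reaches far past the end of the input still passes.
bool naiveInRange(std::size_t length, std::size_t beginIndex, std::size_t count)
{
    return beginIndex + count <= length; // wraps when count is near SIZE_MAX
}

// Overflow-safe range check: never form beginIndex + count; first make sure
// beginIndex itself is within the input, then compare count against what is
// left. length - beginIndex cannot underflow after the first test.
bool safeInRange(std::size_t length, std::size_t beginIndex, std::size_t count)
{
    return beginIndex <= length && count <= length - beginIndex;
}

// Signed variant (sal_Int32-style indices, assumed for illustration):
// negative values must be rejected before the same subtraction test.
bool safeInRangeSigned(long length, long beginIndex, long count)
{
    return length >= 0 && beginIndex >= 0 && count >= 0
        && beginIndex <= length && count <= length - beginIndex;
}

// Copy a sub-range of the input; refuses instead of reading past the end.
std::string copyRange(const std::string& s, std::size_t beginIndex, std::size_t count)
{
    if (!safeInRange(s.size(), beginIndex, count))
        throw std::out_of_range("beginIndex + count exceeds input length");
    return s.substr(beginIndex, count);
}

// Constructed demonstration value: a count that wraps the naive addition.
const std::size_t kHugeCount = std::numeric_limits<std::size_t>::max();
```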