

On Thu, Oct 4, 2012 at 4:34 AM, Stephan Bergmann <sbergman@redhat.com> wrote:
Given that "it is an error for X to happen" and "if X happens, behaviour is
undefined" have exactly the same meaning (at least in my understanding of
computing), I wonder whether this is just a harmless rephrasing, or whether
there is a deeper misunderstanding lurking there.

In my mind there is a distinction:
if an API declares that something is 'an error', I expect it to give a
return code, an exception, a signal... something bad;
if something is said to be 'undefined', then the call can do anything,
including nothing or returning a random result...

Note how the original code above prevented problems with overflowing
beginIndex + count.

The only exploitable way to misuse that would be to be able to read
past the input and into memory that contains sensitive / secret
information... and being able to disclose it that way...
Although not impossible, it is hard to conceive a scenario where that
would lead to a practical exploit.
(by contrast, a write overflow is much more likely to lead to a
practical exploit)

Norbert
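As an added illustration of the two points above (the beginIndex + count overflow, and "error" versus "undefined"), this is constructed example code, not code from the thread or from LibreOffice; it assumes a simple substring copy taking a uint32_t length, beginIndex and count:

```cpp
#include <cstdint>
#include <string>

// Constructed example: validating a substring range [beginIndex, beginIndex + count).

// Naive validation: the sum beginIndex + count wraps around for a large count,
// so the check passes and a subsequent copy reads past the end of the input
// (the over-read discussed above). Unsigned wraparound is used here so the
// failure is observable rather than undefined.
bool naiveRangeOk(uint32_t len, uint32_t beginIndex, uint32_t count) {
    return beginIndex + count <= len;  // wraps when beginIndex + count > UINT32_MAX
}

// Overflow-safe validation: never form the sum; compare count against the
// space remaining after beginIndex. No intermediate value can wrap.
bool safeRangeOk(uint32_t len, uint32_t beginIndex, uint32_t count) {
    return beginIndex <= len && count <= len - beginIndex;
}

// A copy in the "it is an error" style: a bad range yields a definite failure
// result instead of undefined behaviour. On success, out holds the substring.
bool copySub(const std::string& s, uint32_t beginIndex, uint32_t count,
             std::string& out) {
    if (!safeRangeOk(static_cast<uint32_t>(s.size()), beginIndex, count)) {
        out.clear();
        return false;  // caller gets an explicit error signal
    }
    out.assign(s, beginIndex, count);
    return true;
}
```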
