weaked a first pile of software

Started by Leo.Robusto, October 21, 2008, 20:17:18

Previous topic - Next topic
Print
Go Down Pages1
User actions

Leo.Robusto

October 21, 2008, 20:17:18
Hello fellows,

as I prommised,
I tweaked a first pile of software to suppress the compiler warnings.
I tweaked the unlha project, yet.

I got some warnings, which  have the same reason:

I)
Code Select
typedef struct LzHeader
{
...
 unsigned char header_size;
...
}

should use unsigned short instead.
Otherwise there are lots of locations with the threat of integer overflow!

II)
Code Select
class CLhaArchive
{
...
 protected:
 short *child, *parent, *block, *edge, *stock, *node;
...
}

In methods like
Code Select
void CLhaArchive::reconst(int start, int end)
all of the looping vars are int (32bit) and not short (16bit).

This might resume in (dangerous?) index overflows!

Either we reduce all looping vars to shorts,
or reset the short pointers to 'unsigned int'!

I am not an expet, but these inex over/underflows
might be a dangerous security leak!!


Yours,
  Leo
P.S.: where shall I post a first patch file?
Getting feedback would be helpful!
The Answer is out there - "The X-Files"

Relabsoluness

#1
October 22, 2008, 21:08:33
There indeed may be, and probably is, problems in the unlha code, but it is almost completely unused, and I doubt it's worth the trouble to start fixing problems in it -- especially since it might be better to simply remove it at some point. This also applies to unrar and unzip, so fixing the warnings in mptrack code first sounds like a better plan.

Quote from: "Leo.Robusto"P.S.: where shall I post a first patch file?
Patch file can be send to
<email address is no longer available>

Saga Musix

#2
January 26, 2009, 15:13:20
Quoteespecially since it might be better to simply remove it at some point. This also applies to unrar and unzip, so fixing the warnings in mptrack code first sounds like a better plan.
I don't think that's a good idea. Zipped module support has been there for a very long time, and not only inside modplug. remember that the unzip code is needed for ITZ/MDZ/S3Z/XMZ support, and the unlha code is needed for mods inside LHA archives. I'm not even sure if the unrar code is used at the moment, but LHA (for amiga stuff) and ZIP support should definitely not be dropped. Especially since ZIP could be a container format for a new MPTM format, as discussed before. :)
» No support, bug reports, feature requests via private messages - they will not be answered. Use the forums and the issue tracker so that everyone can benefit from your post.

Relabsoluness

#3
January 26, 2009, 18:40:08
Yes I'm aware of the use of the decompression routines, and I'm not saying that the support should be terminated, but instead that the implementations should be changed.

Saga Musix

#4
January 26, 2009, 18:50:20
Ok, I got you wrong then.
» No support, bug reports, feature requests via private messages - they will not be answered. Use the forums and the issue tracker so that everyone can benefit from your post.
Print
Go Up Pages1
User actions