Coverity reports on possible overruns of static arrays
Michael Stefaniuc
mstefani at redhat.com
Thu Nov 16 04:08:09 CST 2006
Hey,
Paul Vriens wrote:
> we have quite a few places in the code where we do:
>
> WCHAR param[any-value];
>
> len = sizeof(param) / sizeof(WCHAR);
And there lies the next potential bug. If somebody changes the type of
param this will result in a wrong length. For this reason the Linux
Kernel guys are replacing all those constructs with a macro ARRAY_SIZE
#define ARRAY_SIZE(x) (sizeof(x)/sizeof((x)[0]))
Thought about doing that for Wine too but have to ask Alexandre first if
he would accept such patches.
> param[len] = '\0';
>
> and of course more-or-less the same for CHAR arrays.
>
> This could lead (and the example does) to writing behind the end of
> param.
>
> I've submitted two patches for this, but I'm not sure just doing:
>
> param[len - 1] = '\0';
>
> is the correct/good approach.
>
> Any idea's?
If this is such a common operation why not create a macro for that too.
Something like
#define ARRAY_ZERO_LAST(x) ((x)[ARRAY_SIZE(x)-1] = '\0')
bye
michael
--
Michael Stefaniuc Tel.: +49-711-96437-199
Sr. Network Engineer Fax.: +49-711-96437-111
Red Hat GmbH Email: mstefani at redhat.com
Hauptstaetterstr. 58 http://www.redhat.de/
D-70178 Stuttgart
More information about the wine-devel
mailing list