[rrd-developers] Re: rrd_diff patch

Tobias Oetiker oetiker at ee.ethz.ch
Thu Jun 19 00:03:41 MEST 2003 

Yesterday Luca Deri wrote:

> Dear all,
> I have found a problem on rrd_diff(). Basically the function is
> accessing invalid memory. This is because the two function parameters
> (*a and *b) can be of different length (e.g. a = "1234", b = "13") so
> the statement
>
> for (x=0; x<m; x++) { ... }
>
> moves the pointers (a1, b1, r1) for m locations (a1--;b1--;r1--;) where
> m = max(strlen(a),strlen(b));
>
> In the above example m=4, but b1 cannot be shifted for more than 2
> positions (strlen("13")=2), therefore the b1-- statement causes a crash
> when b1 is moved for the third time.
>
> I have enclosed a quick hack (see below): fell free to accept it or to
> fix it the way you want. Anything is fine as long as the problem is fixed.

Hey Luca,

cool, and note, this but is even in mrtg ... I did copy the worst
code over :-)

How about this fix:

I just make sure the 'save' variants only get set when (a|b)1 is save to read ...

--- rrd_diff.c.error    Wed Jun 18 23:55:13 2003
+++ rrd_diff.c  Thu Jun 19 00:01:50 2003
@@ -66,13 +66,11 @@
     r1[1] = 0;  /* Null terminate result */
     c = 0;
     for (x=0; x<m; x++) {
-        if (a1 >= a && b1 >= b) {
-            *r1 = ((*a1 - c) - *b1) + '0';
-        } else if (a1 >= a) {
-            *r1 = (*a1 - c);
-        } else {
-            *r1 = ('0' - *b1 - c) + '0';
-        }
+        /* we want to avoid reading off the edge of the string */
+        char save_a,save_b;
+        save_a = ( a1 >= a) ? *a1 : '0';
+        save_b = ( b1 >= b) ? *b1 : '0';
+        *r1 = save_a - save_b - c + '0';
         if (*r1 < '0') {
             *r1 += 10;
             c=1;

cheers
tobi

-- 
 ______    __   _
/_  __/_  / /  (_) Oetiker @ ISG.EE, ETZ J97, ETH, CH-8092 Zurich
 / // _ \/ _ \/ /  System Manager, Time Lord, Coder, Designer, Coach
/_/ \.__/_.__/_/   http://people.ee.ethz.ch/~oetiker   +41(0)1-632-5286

--
Unsubscribe mailto:rrd-developers-request at list.ee.ethz.ch?subject=unsubscribe
Help        mailto:rrd-developers-request at list.ee.ethz.ch?subject=help
Archive     http://www.ee.ethz.ch/~slist/rrd-developers
WebAdmin    http://www.ee.ethz.ch/~slist/lsg2.cgi

More information about the rrd-developers mailing list