catdoc: denial of service
Posted Nov 17, 2012 22:16 UTC (Sat) by dark (guest, #8483)
Posted Nov 18, 2012 7:10 UTC (Sun) by apoelstra (subscriber, #75205)
All-bits-zero is integer zero. It's pointers and floating-point numbers you need to worry about.
Posted Nov 18, 2012 16:41 UTC (Sun) by dark (guest, #8483)
The discussion about this that I remembered was about the language in C89 so I feel old now :) C89 has much less to say about padding bits but doesn't rule them out.
Posted Nov 18, 2012 20:27 UTC (Sun) by apoelstra (subscriber, #75205)
Oh! I thought this was true in C89 also.
I wonder, though, when you pass 0 to memset -- are you passing "integer zero" or "all bits zero"? Maybe you are still okay even if nothing is actually all-bits-zero.
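The distinction discussed in this thread, as an added example (not code from any commenter or from catdoc): zeroing a structure byte-wise with `memset` versus assigning each member its type's zero value, plus a check of whether the two agree on the platform it is compiled for. The `struct record` layout and all function names are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical record mixing the three kinds of member the thread mentions. */
struct record {
    int    count;
    char  *name;
    double ratio;
};

enum { DIFF_INT = 1, DIFF_PTR = 2, DIFF_FP = 4 };

/* Byte-wise zeroing: memset converts its int argument to unsigned char,
 * so every byte of *r becomes 0, i.e. the all-bits-zero representation. */
void zero_by_memset(struct record *r)
{
    memset(r, 0, sizeof *r);
}

/* Value zeroing: each member gets its type's zero value (0, null pointer,
 * 0.0), whatever bit pattern the platform uses to represent it. */
void zero_by_value(struct record *r)
{
    static const struct record zero = {0};
    *r = zero;
}

/* Returns a mask of members whose all-bits-zero form differs from the
 * value-zeroed form on this platform. Pointer and floating-point members
 * are compared by representation (memcmp), so no possibly invalid value
 * is ever read through its own type. */
int memset_mismatch(void)
{
    struct record m, v;
    int mask = 0;

    zero_by_memset(&m);
    zero_by_value(&v);
    if (m.count != 0)                                  mask |= DIFF_INT;
    if (memcmp(&m.name, &v.name, sizeof m.name) != 0)   mask |= DIFF_PTR;
    if (memcmp(&m.ratio, &v.ratio, sizeof m.ratio) != 0) mask |= DIFF_FP;
    return mask;
}

int main(void)
{
    return memset_mismatch();   /* exit status 0: both methods agree here */
}
```

A non-zero result would mean code relying on `memset` for initialization needs the value-zeroing form on that target.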
Posted Nov 21, 2012 1:18 UTC (Wed) by gjmarter (guest, #5777)