1.0/1.1 bug in LoadFlt


Michael Jones (mtj++at++babar)
Wed, 26 Jan 1994 08:12:22 -0800


Actually, not in LoadFlt but in one of its static functions, named
getTexture (which resides in pfflt/geom.c).
getTexture attempts to read the attributes file (.attr) using the line

        read(ifd, (char*)&texAttr, stbuf.st_size);

where:
1. stbuf is the buffer returned by stat(), and stbuf.st_size contains
   the attributes file size.
2. texAttr is a structure that will contain the full contents of the file.

If, for some reason, the .attr file is larger than its minimal size,
the read command will run over texAttr right into the rest of the stack, and
mess things up. You won't notice it at first, but then some malloc() will
core you dump (or dump your core).

What should be done (and is easy to do on-site) is replacing the line
with :

        read(ifd, (char*)&texAttr, sizeof texAttr);

Good luck

        Ran Yakir

 __ | Ran Yakir
 /_) _ __ \ / _ / o __ | Phone :
/ )_ (_(_) ) \/ (_(_/<_(_)( | Work : 972-3-5715671
              _/ | Res. : 972-3-6995364
| E-mail : rany++at++bvr.co.il
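
The bounded read suggested in the message above, as an added example that is not part of the original post and not the library's own code. It goes beyond the one-line fix by also rejecting files shorter than the structure and looping on short reads; `struct tex_attr`, `load_tex_attr` and `guard_intact_after_load` are hypothetical names, since the real texAttr layout is not shown in the post.

```c
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical stand-in: the real texAttr layout is not shown in the post. */
struct tex_attr { int width, height; char rest[56]; };

/* Fill *out from path, never writing more than sizeof *out bytes.
 * Returns 0 on success, -1 on I/O error or a file shorter than the struct. */
int load_tex_attr(const char *path, struct tex_attr *out) {
    struct stat stbuf;
    size_t got = 0;
    int ok, ifd = open(path, O_RDONLY);
    if (ifd < 0) return -1;
    /* st_size only validates the file; it is never the read length. */
    ok = fstat(ifd, &stbuf) == 0 && stbuf.st_size >= (off_t)sizeof *out;
    while (ok && got < sizeof *out) {        /* read() may return short counts */
        ssize_t n = read(ifd, (char *)out + got, sizeof *out - got);
        if (n <= 0) ok = 0; else got += (size_t)n;
    }
    close(ifd);
    return ok ? 0 : -1;
}

/* Constructed check: load a temp file of len bytes of 0x41 and report whether
 * guard bytes placed right after the struct are untouched (1) or not (0). */
int guard_intact_after_load(size_t len, int *rc) {
    struct { struct tex_attr attr; unsigned char guard[16]; } frame;
    char path[] = "/tmp/attrXXXXXX", fill[512];
    size_t i;
    int fd;
    if (len > sizeof fill || (fd = mkstemp(path)) < 0) return 0;
    memset(fill, 0x41, sizeof fill);
    memset(frame.guard, 0xEE, sizeof frame.guard);
    i = (size_t)write(fd, fill, len);
    close(fd);
    *rc = (i == len) ? load_tex_attr(path, &frame.attr) : -1;
    unlink(path);
    for (i = 0; i < sizeof frame.guard; i++)
        if (frame.guard[i] != 0xEE) return 0;
    return 1;
}

int main(void) {
    int rc = -1;
    return !(guard_intact_after_load(sizeof(struct tex_attr) + 200, &rc) && rc == 0);
}
```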



This archive was generated by hypermail 2.0b2 on Mon Aug 10 1998 - 17:50:09 PDT

This message has been cleansed for anti-spam protection. Replace '++at++' in any mail addresses with the '@' symbol.