Re: Buffer Overflow - fvwrite.c and fread.c sources

To: nikunj badjatya <nikunjbadjatya%gmail.com@localhost>
Subject: Re: Buffer Overflow - fvwrite.c and fread.c sources
From: Matthias Scheler <tron%zhadum.org.uk@localhost>
Date: Wed, 22 Dec 2010 00:50:02 +0000

On Tue, Dec 21, 2010 at 03:38:31PM +0530, nikunj badjatya wrote:
> I am just 3 months old to Linux and Cprogramming.

This mailing list is about the NetBSD operating system, not about Linux.

> Recently started investigating on Buffer overflow issues with fvwrite.c and
> fread.c sources.

Please explain why you think there is a buffer overflow issue.
I've just reviewed the implemenetation of fread(3) in "fread.c" and
it looks fine to me.

> Present in lib/libc/stdio/* folder. Here's my investigation:-
> {
> There is a memcpy function.
> 
> *1. at line 81 in fread.c -
> (void)memcpy((void *)p, (void *)fp->_p, (size_t)r);

Line 81 of "fread.c" looks like this:

        /* fp->_r = 0 ... done in __srefill */

> 2. and at line 168 in fvwrite.c. after expanding COPY macro*.

What COPY macro? There is no COPY macro defined or used in "fread.c".
Can you please explain which *NetBSD* sources you are looking at?

> How do I know the contents of FILE structure.?

It is private to the library and therefore off limits.

        Kind regards

-- 
Matthias Scheler                                  http://zhadum.org.uk/

Follow-Ups:
- Re: Buffer Overflow - fvwrite.c and fread.c sources
  - From: nikunj badjatya

References:
- Buffer Overflow - fvwrite.c and fread.c sources
  - From: nikunj badjatya

Prev by Date: Buffer Overflow - fvwrite.c and fread.c sources
Next by Date: Re: Buffer Overflow - fvwrite.c and fread.c sources
Previous by Thread: Buffer Overflow - fvwrite.c and fread.c sources
Next by Thread: Re: Buffer Overflow - fvwrite.c and fread.c sources
Indexes:

Home | Main Index | Thread Index | Old Index