Allow c_data() to return zero byte buffer #2654
It'll still return an address not owned by the DataBuf, no? |
It's the top edge of the buffer, so it's fine as long as you read zero bytes. That's quite a common edge case, so I think it should be allowed. |
Codecov Report
@@ Coverage Diff @@
## main #2654 +/- ##
==========================================
- Coverage 63.92% 63.92% -0.01%
==========================================
Files 103 103
Lines 22306 22306
Branches 10795 10795
==========================================
- Hits 14260 14259 -1
Misses 5826 5826
- Partials 2220 2221 +1
|
Isn't it a potential exploit? That we would provide on our public API? |
I don't think so. The old code only protected against out-of-bounds reads that looked like this:

```cpp
memcpy(mybuf, buf.c_data(buf.size()), 10);
```

But it didn't protect against this, which is almost exactly the same thing:

```cpp
memcpy(mybuf, buf.c_data(buf.size() - 1), 11);
```
|
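The distinction drawn in the comment above, as an added example that is not part of the thread and is not Exiv2's code: an offset-only check lets `offset == size()` through as the one-past-the-end pointer, and only a check on offset and length together rejects both `memcpy` calls. The class `Buf` and the helpers `in_range`, `read` and `read_rejected` are hypothetical names chosen for this sketch.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <stdexcept>
#include <vector>

// Hypothetical stand-in for a DataBuf-like class; not Exiv2's implementation.
class Buf {
 public:
  explicit Buf(std::size_t n) : data_(n) {}
  std::size_t size() const { return data_.size(); }

  // Offset-only check. offset == size() is accepted and yields the
  // one-past-the-end pointer, which may be formed and compared but not read.
  const std::uint8_t* c_data(std::size_t offset = 0) const {
    if (offset > data_.size()) throw std::out_of_range("offset past end of buffer");
    return data_.data() + offset;
  }

  // Range check: the whole span [offset, offset + len) must lie inside the
  // buffer. Written as a subtraction so that offset + len cannot wrap around.
  bool in_range(std::size_t offset, std::size_t len) const {
    return offset <= data_.size() && len <= data_.size() - offset;
  }

  // Copy that validates the length as well as the offset.
  void read(std::uint8_t* dst, std::size_t offset, std::size_t len) const {
    if (!in_range(offset, len)) throw std::out_of_range("read past end of buffer");
    if (len != 0) std::memcpy(dst, data_.data() + offset, len);
  }
 private:
  std::vector<std::uint8_t> data_;
};

// Returns true if read() rejects the request with std::out_of_range.
bool read_rejected(const Buf& b, std::size_t offset, std::size_t len) {
  std::vector<std::uint8_t> dst(len + 1);
  try { b.read(dst.data(), offset, len); } catch (const std::out_of_range&) { return true; }
  return false;
}

int main() {
  Buf b(16);  // constructed sample buffer
  bool ok = b.c_data(b.size()) == b.c_data() + b.size()  // top edge is allowed
         && !read_rejected(b, b.size(), 0)               // zero-byte read at the edge
         && read_rejected(b, b.size(), 10)               // first memcpy from the thread
         && read_rejected(b, b.size() - 1, 11);          // second memcpy from the thread
  return ok ? 0 : 1;
}
```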
That fuzzer failure is concerning. It probably means that this code was masking a bug somewhere else. I'll investigate. |
I wasn't thinking about our code. |
I'm sorry, I made a mistake. It turns out there's a similar assertion in |
@caclark this fix things? |
@neheb No, unfortunately this does not fix the Geeqie related bug. |
@Mergifyio backport 0.28.x |
✅ Backports have been created
|
This reverts a change that was made in #2209. I argued at the time that it was a bad idea. Since then it has caused at least two bugs that I'm aware of: #2565, #2650.