Date: Sat, 30 Jun 2012 05:05:15 -0500 From: "jfoug" <jfoug@....net> To: <john-dev@...ts.openwall.com> Subject: RE: asan report >From: magnum Sent: Saturday, June 30, 2012 4:55 AM >I think I see now. It's just the self-tests. For example, one self-test >does: > > format->methods.set_key("", index); > >I think we should "fix" the self-tests, not the formats. If anything. I was just going to reply the same thing. We are reading past buffer, by up to 3 bytes, but properly detecting and handling it internally. However, in the self test, we are dealing with const strings, of known size. Thus, on a picky compiler, it will not allow this. Simple fix. Put a buffer on stack in self test, large enough for the work, and use it. This would also allow us to force a non-aligned input for the password also. Jim.
Powered by blists - more mailing lists
Powered by Openwall GNU/*/Linux - Powered by OpenVZ