cmatsuoka / figlet

Claudio's FIGlet tree
http://www.figlet.org
BSD 3-Clause "New" or "Revised" License

Invalid memory access on smushing #2

Closed cmatsuoka closed 13 years ago

cmatsuoka commented 13 years ago

Valgrind reports invalid memory access in the smushing code:

==5623== Command: ./figlet blah
==5623== 
==5623== Invalid read of size 1
==5623==    at 0x804B3D8: addchar (figlet.c:1451)
==5623==    by 0x804C2AA: main (figlet.c:1985)
==5623==  Address 0x41d638f is 1 bytes before a block of size 80 alloc'd
==5623==    at 0x4025BD3: malloc (vg_replace_malloc.c:236)
==5623==    by 0x8048B1C: myalloc (figlet.c:257)
==5623==    by 0x804AAFC: linealloc (figlet.c:1235)
==5623==    by 0x804C0C8: main (figlet.c:1931)
==5623== 
==5623== Invalid write of size 1
==5623==    at 0x804B3EA: addchar (figlet.c:1450)
==5623==    by 0x804C2AA: main (figlet.c:1985)
==5623==  Address 0x41d638f is 1 bytes before a block of size 80 alloc'd
==5623==    at 0x4025BD3: malloc (vg_replace_malloc.c:236)
==5623==    by 0x8048B1C: myalloc (figlet.c:257)
==5623==    by 0x804AAFC: linealloc (figlet.c:1235)
==5623==    by 0x804C0C8: main (figlet.c:1931)
==5623== 

This is caused by a smushamount of -1.

cmatsuoka commented 13 years ago

Fixing it.

cmatsuoka commented 13 years ago

Fixed.

Smushing characters at the line start can cause the next character to be copied to an offset before the start of the line buffer. In this case, add an offset to source and copy to a valid destination position.
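As an added illustration, not code from figlet itself, the following constructed C model shows the bounded version of the append step the fix describes: when the overlap region would begin before index 0 of the row buffer, the same offset is applied to the source row and the copy starts at a valid destination. `smush_append`, `smush_cell` and the 80-column `LINEW` are assumptions of this model, not figlet's identifiers.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of the overlap ("smushing") step of a FIGlet-style
 * renderer; not figlet's own addchar(). One output row lives in `line`
 * (capacity LINEW) with `linelen` cells already placed. A character
 * row `ch` is appended so that its first `smushamount` columns overlap
 * the end of the line; overlapping cells keep whichever is non-blank. */
#define LINEW 80

static char smush_cell(char existing, char incoming) {
    return (incoming == ' ') ? existing : incoming;
}

/* Appends `ch` to `line` with `smushamount` columns of overlap and
 * returns the new length, or -1 if the row would not fit in LINEW.
 * The overwrite region starts at linelen - smushamount. When that is
 * negative (smushing at the start of an empty or short line), an
 * unchecked copy would write before the buffer; here the source is
 * advanced by the same amount and copying starts at index 0 instead. */
static int smush_append(char *line, int linelen, const char *ch, int smushamount) {
    int chlen = (int)strlen(ch);
    int start = linelen - smushamount;  /* first destination column */
    int srcoff = 0;                     /* columns of `ch` to skip  */
    if (start < 0) {
        srcoff = -start;                /* same offset applied to the source */
        start = 0;
    }
    if (srcoff > chlen) srcoff = chlen;
    for (int i = linelen; i < start; i++) line[i] = ' '; /* negative overlap = gap */
    int newlen = start + (chlen - srcoff);
    if (newlen < linelen) newlen = linelen;
    if (newlen >= LINEW) return -1;     /* leave room for the terminator */
    for (int k = srcoff; k < chlen; k++) {
        int dst = start + (k - srcoff);
        line[dst] = (dst < linelen) ? smush_cell(line[dst], ch[k]) : ch[k];
    }
    line[newlen] = '\0';
    return newlen;
}

int main(void) {
    char line[LINEW] = "";
    int n = smush_append(line, 0, "_|_", 2);   /* overlap exceeds the empty line */
    printf("%d \"%s\"\n", n, line);            /* the two skipped columns are dropped */
    n = smush_append(line, n, " ab", 1);
    printf("%d \"%s\"\n", n, line);
    return 0;
}
```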