Re: NSTableView - populating from C procedure
Re: NSTableView - populating from C procedure
- Subject: Re: NSTableView - populating from C procedure
- From: Uli Kusterer <email@hidden>
- Date: Sat, 25 Jul 2009 12:56:45 +0200
Am 23.07.2009 um 08:55 schrieb Marco S Hyman:
On Jul 22, 2009, at 11:38 PM, Graham Cox wrote:
My warning was of a very general nature, and may not apply to your
app. But every time you declare buffer space as a stack array, you
should mentally consider whether a buffer exploit might be possible
there.
It was a good warning.
Since the author can rarely guarantee that some data field will
not be filled from an untrusted source *forever* it is always
best to check for and not allow overflow.
Why is everyone so fixated on security exploits? You could be
causing bugs!
E.g. in this case, if the C code assumes a different size for the
buffer than the ObjC method calling it (and you're hard-coding the
array size instead of using a symbolic constant shared by the two),
you may be writing off the end of the array.
If you're lucky, you're on 64 bit and overwriting the canary, making
your app crash. If you're unlucky, there's a function pointer on the
stack that you overwrite with data that is equal to ... oh, I don't
know ... the address of a function that deletes the "Documents"
folder's contents, and suddenly the user has lost data.
In most cases, though, you'll just be slowly and incrementally
corrupting some memory in your app, and half an hour later when that
memory is next used, your app will unexplainably crash.
Graham Cox wrote:
If it checks the buffer size and the string size, it should be OK.
Not all dialects of C have historically supported sizeof() for stack-
based buffers but I think all modern ones do.
I don't think you can use sizeof() on a pointer passed as a
parameter, though. That only works on variables in the current scope.
That pointer could point at anything, so the compiler has no idea
whether it points at the stack or the heap. Even if it generated
specialized code for the stack case, what code would it generate for
the heap case? sizeof() is independent from malloc(), NewPtr() and all
the other allocator schemes the OS knows, sizeof() wouldn't know which
one to use.
Heck, ANSI malloc() doesn't even have a standard way of determining
a block's size.
Cheers,
-- Uli Kusterer
"The Witnesses of TeachText are everywhere..."
http://www.zathras.de
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden