#1 2015-05-27 13:33:33

Magnus
Member
Registered: 2015-05-27
Posts: 2

Pointer arithmetic overflow.

Hi, just wanted to alert you to a problem around some pointer arithmetic.

I got an access violation and traced it to the method:

TPdfWrite.Add(Text: PAnsiChar; Len: integer): TPdfWrite;

The ultimate reason was the statement:

if B+Len>=Bend then begin

In my case

B = $FFF73C82 
Len = $A2CBA
B + Len = $1693C
Bend = $FFF73DD3

and the if statement evaluated to false and the buffer was not reallocated, leading to an access violation.

I changed the code to

if Len >= Bend - B then begin

and the problem was avoided.

Regards,

/Magnus


#2 2015-05-27 15:13:04

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,206
Website

Re: Pointer arithmetic overflow.

Why is the B pointer negative?
Is it due to http://en.wikipedia.org/wiki/Address_sp … domization ?
On which system? In which context?
I've never observed this until now.

I tried to fix such problems with TPdfWrite and also with TTextWriter (used e.g. for JSON creation or TSynLog).
See http://synopse.info/fossil/info/5ecb9f455b
But there may be other potential similar issues in our source code: any additional input is welcome!

Thanks for the feedback!
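
The comparison discussed in this thread, modelled in C as an added example (not code from the library or from either poster). 32-bit addresses are represented as uint32_t so the wrap-around reproduces on any host; the function names and the low-address control case are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* 32-bit addresses modelled as plain unsigned integers (assumption). */
typedef uint32_t addr32;

/* Original form: B + Len >= Bend. The sum wraps modulo 2^32 when the
   buffer sits near the top of the address space. */
static int needs_realloc_sum(addr32 b, int32_t len, addr32 bend)
{
    addr32 sum = b + (addr32)len;      /* unsigned wrap is well-defined in C */
    return sum >= bend;
}

/* Form from the first post: Len >= Bend - B. Bend - B is the room left
   in the buffer and does not wrap as long as B <= Bend. */
static int needs_realloc_room(addr32 b, int32_t len, addr32 bend)
{
    int32_t room = (int32_t)(bend - b);
    return len >= room;
}

/* Values reported in the first post. */
static const addr32  POST_B    = 0xFFF73C82u;
static const int32_t POST_LEN  = 0xA2CBA;
static const addr32  POST_BEND = 0xFFF73DD3u;

/* Constructed control case: same room, low in the address space. */
static const addr32 LOW_B    = 0x00403C82u;
static const addr32 LOW_BEND = 0x00403DD3u;

int main(void)
{
    printf("room left      : %u bytes\n", (unsigned)(POST_BEND - POST_B));
    printf("B + Len wraps  : $%X\n", (unsigned)(POST_B + (addr32)POST_LEN));
    printf("high, sum form : %d\n",
           needs_realloc_sum(POST_B, POST_LEN, POST_BEND));
    printf("high, room form: %d\n",
           needs_realloc_room(POST_B, POST_LEN, POST_BEND));
    printf("low,  sum form : %d\n",
           needs_realloc_sum(LOW_B, POST_LEN, LOW_BEND));
    printf("low,  room form: %d\n",
           needs_realloc_room(LOW_B, POST_LEN, LOW_BEND));
    return 0;
}
```

The two forms agree for the low-address buffer and differ only when B + Len crosses the top of the 32-bit range, which is why the sum form can pass testing on systems that never hand out high addresses.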
