
From: "Todd C. Miller" <millert@openbsd.org>
Subject: Re: reuse tree entries array while parsing trees
To: Stefan Sperling <stsp@stsp.name>
Cc: gameoftrees@openbsd.org
Date: Tue, 18 Oct 2022 15:01:39 -0600

On Tue, 18 Oct 2022 22:57:23 +0200, Stefan Sperling wrote:

> So this struct provides offsets into another buffer, where the
> actual tree data is stored. This tree buffer itself is still
> allocated and freed each time.
>
> Each time we parse a new tree, all fields of above struct will be
> rewritten, up to as many entries as the newly parsed tree contains.
> If the allocation is larger, the remaining entries will contain
> pointers into tree buffers which have been freed, and callers
> know not to look at entries beyond the number of valid entries.
> Could such pointers be abused? If so, I could simply NULL them out
> before returning from the parser.

OK, so nothing should rely on the fields being zeroed.  I think it
is fine as-is then.

 - todd
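The pattern Stefan describes above, as an added example in C that is not got's own code (the struct and function names are hypothetical, and the tree buffers are constructed inline): a parser that reuses one entries array across trees, keeps only borrowed pointers into the current tree buffer, and before returning zeroes the unused tail of the array so no entry keeps a pointer into a tree buffer that has since been freed. It also rejects an entry whose object id would run past the end of the buffer instead of reading beyond it.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define OBJECT_ID_LEN 20

/* Hypothetical tree entry: every pointer borrows from the buffer handed
 * to parse_tree(); nothing is copied. Constructed for this example. */
struct tree_entry {
    const char *mode;
    size_t modelen;
    const char *name;
    size_t namelen;
    const uint8_t *id;    /* OBJECT_ID_LEN raw bytes */
};

/* Reusable entries array: capacity persists across parses, nentries is
 * the number of entries valid after the most recent parse. */
struct tree_entries {
    struct tree_entry *entries;
    size_t capacity;
    size_t nentries;
};

/* Parse a git-style tree buffer ("<mode> <name>\0<id>" repeated) into te,
 * reusing te->entries. On success entries [0, nentries) are valid and
 * entries [nentries, capacity) are zeroed. Returns 0, or -1 on malformed
 * input or allocation failure. */
static int
parse_tree(struct tree_entries *te, const uint8_t *buf, size_t len)
{
    size_t off = 0, n = 0;

    te->nentries = 0;
    while (off < len) {
        const uint8_t *sp, *nul;
        struct tree_entry *e;

        sp = memchr(buf + off, ' ', len - off);
        if (sp == NULL)
            return -1;
        nul = memchr(sp + 1, '\0', len - (size_t)(sp + 1 - buf));
        if (nul == NULL)
            return -1;
        /* The object id must fit completely inside the buffer. */
        if (len - (size_t)(nul + 1 - buf) < OBJECT_ID_LEN)
            return -1;
        if (n == te->capacity) {
            size_t newcap = te->capacity ? te->capacity * 2 : 8;
            struct tree_entry *p = realloc(te->entries, newcap * sizeof(*p));
            if (p == NULL)
                return -1;
            te->entries = p;
            te->capacity = newcap;
        }
        e = &te->entries[n++];
        e->mode = (const char *)buf + off;
        e->modelen = (size_t)(sp - (buf + off));
        e->name = (const char *)sp + 1;
        e->namelen = (size_t)(nul - (sp + 1));
        e->id = nul + 1;
        off = (size_t)(nul + 1 - buf) + OBJECT_ID_LEN;
    }
    te->nentries = n;
    /* Clear the unused tail: stale pointers into an earlier (freed) tree
     * buffer must not outlive this parse. */
    if (n < te->capacity)
        memset(&te->entries[n], 0, (te->capacity - n) * sizeof(te->entries[0]));
    return 0;
}

/* Append one constructed entry to buf; the id is OBJECT_ID_LEN copies of fill. */
static size_t
append_entry(uint8_t *buf, size_t off, const char *mode, const char *name,
    uint8_t fill)
{
    size_t ml = strlen(mode), nl = strlen(name);

    memcpy(buf + off, mode, ml); off += ml;
    buf[off++] = ' ';
    memcpy(buf + off, name, nl); off += nl;
    buf[off++] = '\0';
    memset(buf + off, fill, OBJECT_ID_LEN); off += OBJECT_ID_LEN;
    return off;
}

/* Parse a two-entry tree, free it, parse a one-entry tree into the same
 * array, and confirm the stale second entry was cleared. Returns 1 if so. */
static int
stale_tail_is_cleared(void)
{
    struct tree_entries te = { NULL, 0, 0 };
    uint8_t *big = malloc(128), *small = malloc(128);
    size_t biglen, smalllen;
    int ok;

    if (big == NULL || small == NULL) { free(big); free(small); return 0; }
    biglen = append_entry(big, 0, "100644", "README", 0xaa);
    biglen = append_entry(big, biglen, "40000", "lib", 0xbb);
    smalllen = append_entry(small, 0, "100644", "a", 0xcc);

    ok = parse_tree(&te, big, biglen) == 0 && te.nentries == 2;
    free(big);    /* entries[1] would now dangle without the memset */
    ok = ok && parse_tree(&te, small, smalllen) == 0 && te.nentries == 1 &&
        te.entries[1].name == NULL && te.entries[1].id == NULL;
    free(small);
    free(te.entries);
    return ok;
}

int
main(void)
{
    return stale_tail_is_cleared() ? 0 : 1;
}
```

Callers still consult nentries rather than capacity; the memset only turns a use-after-free into a NULL dereference if they get that wrong, which is far easier to spot.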