Thursday, January 28, 2010

order is important: memset, thunderbird 3.0.1

A few minutes ago, I heard that Thunderbird 3.0.1 can cause email corruption, which alarmed me, because that's what I am currently running. I investigated and noticed that, in the patch, the root issue was an incorrect usage of memset. Specifically, the "size_t n[umber]" parameter, which indicates how many bytes to write, was swapped with the "int c[onstant]" parameter, which indicates the byte value to write. Luckily, for most of these "backwards" errors the fill-byte constant is a 0, so when it is placed in the "number of bytes to write" position it doesn't matter that there is now a "random" number in the fill-byte position: memset simply writes zero bytes. Unfortunately, you then end up using uninitialized (or old) data, as happened here with TB3. A Google Code Search reveals just how often this problem occurs...
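As an added illustration (not code from the Thunderbird patch or from Mozilla): the transposed call writes nothing, so whatever was in the buffer before survives, while a small wrapper can refuse the tell-tale shape of the swap before it silently no-ops. The buffer contents and the `checked_memset` wrapper are constructed for this example.

```c
#include <stddef.h>
#include <string.h>

#define BUF_LEN 16
/* Count the bytes of buf that are still non-zero after a "clear". */
static size_t count_nonzero(const unsigned char *buf, size_t len)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        n += (buf[i] != 0);
    return n;
}

/* The TB3-style bug: memset(buf, sizeof buf, 0) passes 0 as the byte
 * count, so nothing is written and the stale 0xAA bytes survive. */
size_t clear_transposed(void)
{
    unsigned char buf[BUF_LEN];
    memset(buf, 0xAA, sizeof buf);   /* constructed "old data" in the buffer */
    memset(buf, sizeof buf, 0);      /* BUG: c and n transposed -> writes 0 bytes */
    return count_nonzero(buf, sizeof buf);   /* 16: nothing was cleared */
}

/* The intended call: memset(dest, fill byte, byte count). */
size_t clear_correct(void)
{
    unsigned char buf[BUF_LEN];
    memset(buf, 0xAA, sizeof buf);
    memset(buf, 0, sizeof buf);
    return count_nonzero(buf, sizeof buf);   /* 0 */
}

/* Hypothetical wrapper that rejects the shape the transposition produces:
 * a zero-length write with a non-zero "fill" is almost always a swapped
 * call, and a fill outside 0..255 would be silently truncated anyway. */
int checked_memset(void *dest, int c, size_t n)
{
    if ((n == 0 && c != 0) || c < 0 || c > 0xFF)
        return -1;
    memset(dest, c, n);
    return 0;
}

/* Same two calls through the wrapper: transposed is rejected (-1), correct runs (0). */
int checked_clear(int transposed)
{
    unsigned char buf[BUF_LEN];
    return transposed ? checked_memset(buf, sizeof buf, 0)
                      : checked_memset(buf, 0, sizeof buf);
}
```

Modern GCC and Clang also flag the literal pattern at compile time with -Wmemset-transposed-args, which is the cheaper place to catch it.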
