[haiku-bugs] Re: [Haiku] #10259: CDDA-related KDL: ASCII string corrupts kernel structures

  • From: "anevilyak" <trac@xxxxxxxxxxxx>
  • Date: Wed, 27 Nov 2013 23:20:55 -0000

#10259: CDDA-related KDL: ASCII string corrupts kernel structures
---------------------------------+----------------------------
   Reporter:  ttcoder            |      Owner:  axeld
       Type:  bug                |     Status:  assigned
   Priority:  normal             |  Milestone:  R1
  Component:  File Systems/cdda  |    Version:  R1/Development
 Resolution:                     |   Keywords:
 Blocked By:                     |   Blocking:
Has a Patch:  0                  |   Platform:  All
---------------------------------+----------------------------
Changes (by anevilyak):

 * owner:  nobody => axeld
 * status:  new => assigned
 * component:  - General => File Systems/cdda


Comment:

 From a quick look at cddafs, its to_utf8() looks a bit suspect: in the c
 < 0x800 case ( http://cgit.haiku-os.org/haiku/tree/src/add-ons/kernel/file_systems/cdda/cdda.cpp#n63 ),
 it increments out by two, which, if out happens to be at 254 at the time,
 would cause us to miss our end of string break condition and keep happily
 decoding characters, overwriting parts of the stack in the process. Haven't
 looked more closely elsewhere but it might generally be worth a more
 thorough review, as the driver does quite a bit of string manipulation.

--
Ticket URL: <http://dev.haiku-os.org/ticket/10259#comment:6>
Haiku <http://dev.haiku-os.org>
Haiku - the operating system.
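
The boundary condition described in the comment above, as an added example that is not the project's cddafs code: a constructed Latin-1 to UTF-8 converter into a fixed-size buffer that checks remaining room before each write, including the 2-byte case, so a multi-byte sequence cannot step over an exact end-of-buffer test. The 256-byte buffer and the 1-or-2-byte encoding are assumptions of the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Latin-1 -> UTF-8 conversion into a fixed-size buffer, written so that the
 * space check happens *before* each write and accounts for the multi-byte
 * case.  Constructed illustration for the ticket, not Haiku's cddafs code.
 * Returns the number of bytes written, excluding the terminating NUL. */
size_t
latin1_to_utf8_bounded(const uint8_t *in, size_t in_len,
	char *out, size_t out_size)
{
	size_t pos = 0;

	if (out_size == 0)
		return 0;

	for (size_t i = 0; i < in_len; i++) {
		uint8_t c = in[i];
		/* bytes this character needs, excluding the terminator */
		size_t need = (c < 0x80) ? 1 : 2;

		/* A test of the form `if (pos == out_size - 2) break;` placed
		 * after the write is skipped when a 2-byte sequence steps from
		 * out_size - 3 straight to out_size - 1.  Checking the room for
		 * this character plus the NUL up front cannot be stepped over. */
		if (pos + need + 1 > out_size)
			break;

		if (need == 1) {
			out[pos++] = (char)c;
		} else {
			out[pos++] = (char)(0xC0 | (c >> 6));
			out[pos++] = (char)(0x80 | (c & 0x3F));
		}
	}

	/* pos + 1 <= out_size holds here, so the terminator is in bounds */
	out[pos] = '\0';
	return pos;
}
```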
