On Thu, 29 Jan 1998, Angus Mezick wrote:
> You mentioned magic bytes for catching structure overruns. What might
> these be? Can you give an example of their usage?
Currently I have:
/* Initialize these to check for overruns later. */
buf[MAX_STRING_LENGTH - 1] = buf1[MAX_STRING_LENGTH - 1] = MAGIC_NUMBER;
buf2[MAX_STRING_LENGTH - 1] = arg[MAX_STRING_LENGTH - 1] = MAGIC_NUMBER;
And then called every 30 seconds from heartbeat():
void sanity_check(void)
{
  /* Slot holding the magic byte, matching the initialization above. */
  const int offset = MAX_STRING_LENGTH - 1;
  int ok = TRUE;

  /* A '\0' is accepted too: a legitimately full string ends there. */
  ok &= (buf[offset] == MAGIC_NUMBER || buf[offset] == '\0');
  ok &= (buf1[offset] == MAGIC_NUMBER || buf1[offset] == '\0');
  ok &= (buf2[offset] == MAGIC_NUMBER || buf2[offset] == '\0');
  ok &= (arg[offset] == MAGIC_NUMBER || arg[offset] == '\0');

  /*
   * This isn't exactly the safest thing to do (referencing known bad memory)
   * but we're doomed to crash eventually, might as well try to get something
   * useful before we go down. -gg
   */
  if (!ok)
    log("SYSERR: *** Buffer overflow! ***\n"
        "buf: %s\nbuf1: %s\nbuf2: %s\narg: %s", buf, buf1, buf2, arg);
#if 0
  log("Statistics: buf=%d buf1=%d buf2=%d arg=%d",
      strlen(buf), strlen(buf1), strlen(buf2), strlen(arg));
#endif
}
I overran 'buf' to 12k in an 8k buffer without a crash but this code caught
it. Wonder what 4k of memory I stomped on, and if it was important. :)
(It was a strcat() in a for loop doing it.) MAGIC_NUMBER is the same one as
in my buffer patches, 0x06.
--
George Greer - Me@Null.net | Genius may have its limitations, but stupidity
http://www.van.ml.org/~greerga | is not thus handicapped. -- Elbert Hubbard
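The end-of-buffer canary scheme described in the message, as an added example (not George's code or CircleMUD's): the buffers are carved from one backing arena so the simulated strcat()-style overrun stays inside a single C object, MAX_STRING_LENGTH is shrunk to 16 for the demo, and sanity_check() returns a bitmask of clobbered buffers instead of calling log().

```c
#include <stdio.h>
#include <string.h>

#define MAX_STRING_LENGTH 16  /* demo size; the post uses 8k buffers */
#define MAGIC_NUMBER      0x06 /* the canary byte from the post */
#define NBUFS             3

/* One arena so an overrun of buffer i lands in buffer i+1, as in the post,
 * while every write below stays within one object (defined behaviour). */
static char arena[NBUFS * MAX_STRING_LENGTH];
static const char *names[NBUFS] = { "buf", "buf1", "buf2" };

static char *bufn(int i) { return arena + i * MAX_STRING_LENGTH; }

/* Plant the canary in the last byte of each buffer. */
void init_canaries(void)
{
    memset(arena, 0, sizeof arena);
    for (int i = 0; i < NBUFS; i++)
        bufn(i)[MAX_STRING_LENGTH - 1] = MAGIC_NUMBER;
}

/* Bit i set => buffer i lost its canary.  '\0' is tolerated because a
 * legitimately full string terminates there; the price is that an overrun
 * which stops with a NUL exactly on the canary slot goes undetected. */
unsigned sanity_check(void)
{
    unsigned bad = 0;
    for (int i = 0; i < NBUFS; i++) {
        char c = bufn(i)[MAX_STRING_LENGTH - 1];
        if (c != MAGIC_NUMBER && c != '\0')
            bad |= 1u << i;
    }
    return bad;
}

/* Simulated bug: n bytes written into buffer i, spilling into its neighbour.
 * Clamped to the arena so the demo itself never leaves the object. */
void overrun(int i, size_t n)
{
    size_t room = sizeof arena - (size_t)i * MAX_STRING_LENGTH;
    memset(bufn(i), 'A', n < room ? n : room);
}

int main(void)
{
    init_canaries();
    overrun(0, MAX_STRING_LENGTH + 4); /* 4 bytes past buf, into buf1 */
    unsigned bad = sanity_check();
    for (int i = 0; i < NBUFS; i++)
        if (bad & (1u << i))
            printf("SYSERR: *** Buffer overflow in %s ***\n", names[i]);
    return bad ? 1 : 0;
}
```

Only buf is reported: its canary was overwritten, but the four bytes stomped at the start of buf1 leave buf1's own canary intact, which is exactly the "what did I stomp on" blind spot the post describes.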