Summary:
This patch increases code safety by handling the following case.
sc_compile > OH!! there is an uninitialized local variable "outfname"!! >
setopt > about > longjmp > setjmp returns 3 > goto cleanup >
then uninitialized data is read from local variable "outfname".
Reviewers: raster, Hermet, jsuya, herb
Reviewed By: jsuya
Subscribers: cedric, #reviewers, #committers
Tags: #efl
Differential Revision: https://phab.enlightenment.org/D12074
Summary:
Most of the functions for embryo are based on cell (int) types:
addvariable(), defsymbol(), modstk(), etc.
Because of this, if an embryo script has a really big (INT_MAX / 4) stack variable,
an integer overflow problem happens.
@fix
Test Plan:
Put a script in your EDC like the following code.
Build it and try to access the variable.
Or check the written HEX value by embryo_cc.
script {
// Its size is 1,000,000,000.
// Remember, INT_MAX is 2,147,483,647.
new my_big_variable[1000000000];
...
}
Reviewers: cedric, woohyun, raster, eunue, SanghyeonLee
Reviewed By: eunue, SanghyeonLee
Subscribers: cedric, #reviewers, #committers
Tags: #efl
Differential Revision: https://phab.enlightenment.org/D12081
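The overflow described in the commit message above, as an added example that is not code from the EFL tree: with a 4-byte cell, 1,000,000,000 cells need 4,000,000,000 bytes, which does not fit in an int. The helper names (bytes_wrapped, stack_reserve) are hypothetical, and a 32-bit int is assumed.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

typedef int cell;                 /* the commit text: cell is an int */
#define CELL_BYTES ((cell)sizeof(cell))

/* The value 32-bit arithmetic produces for ncells * sizeof(cell).
 * Done in unsigned so the wraparound is well defined in this demo;
 * the same product in plain int is undefined behaviour. */
static int64_t bytes_wrapped(cell ncells)
{
    uint32_t w = (uint32_t)ncells * (uint32_t)CELL_BYTES;
    return w > INT32_MAX ? (int64_t)w - 4294967296LL : (int64_t)w;
}

/* Hypothetical helper: add ncells cells to a running stack size in
 * bytes. Returns 0 on success, -1 (leaving *used alone) if either
 * the multiplication or the addition would exceed INT_MAX. */
static int stack_reserve(cell *used, cell ncells)
{
    if (ncells < 0 || ncells > INT_MAX / CELL_BYTES)
        return -1;                      /* ncells * 4 overflows */
    cell bytes = ncells * CELL_BYTES;
    if (bytes > INT_MAX - *used)
        return -1;                      /* running total overflows */
    *used += bytes;
    return 0;
}

int main(void)
{
    cell used = 0;
    printf("wrapped size of 1000000000 cells: %lld bytes\n",
           (long long)bytes_wrapped(1000000000));
    printf("reserve 1000000000 cells -> %d\n", stack_reserve(&used, 1000000000));
    printf("reserve  300000000 cells -> %d\n", stack_reserve(&used, 300000000));
    printf("reserve  300000000 more  -> %d (used=%d)\n",
           stack_reserve(&used, 300000000), used);
    return 0;
}
```

The second check matters as much as the first: two 300,000,000-cell arrays each fit on their own, but their combined size does not.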
CID 1039677 1039678 1039679
The expression's value does not depend on the operands; often,
this represents an inadvertent logic error.
In doarg: An operation with non-constant operands that
computes a result with constant value (CWE-569)
cell is defined as an int, not a long, so it can't be > INT_MAX.
Summary:
A string is copied to the array '&symbolname[0]' of size 32,
without checking its length first at embryo_cc_sc1.c:2101.
So, used assert to avoid possible overflow.
Signed-off-by: Umesh Tanwar <umesh.tanwar@samsung.com>
Reviewers: Hermet, cedric, raster
Reviewed By: raster
Subscribers: singh.amitesh, jpeg
Differential Revision: https://phab.enlightenment.org/D3602
There are still lots of unsafe uses of strcpy, strcat, etc...
Dunno if they are relevant though. Also, assert() may be
compiled out at build time (release mode) so don't rely on it
for safety.
Fixes CID 1039593
The following are left:
{{{
bin/embryo/embryo_cc_sc1.c: In function ‘dowhile’:
bin/embryo/embryo_cc_sc1.c:3524:24: warning: declaration of ‘wq’ shadows a global declaration [-Wshadow]
bin/embryo/embryo_cc_sc1.c:115:21: warning: shadowed declaration is here [-Wshadow]
bin/embryo/embryo_cc_sc1.c: In function ‘dodo’:
bin/embryo/embryo_cc_sc1.c:3546:24: warning: declaration of ‘wq’ shadows a global declaration [-Wshadow]
bin/embryo/embryo_cc_sc1.c:115:21: warning: shadowed declaration is here [-Wshadow]
bin/embryo/embryo_cc_sc1.c: In function ‘dofor’:
bin/embryo/embryo_cc_sc1.c:3565:24: warning: declaration of ‘wq’ shadows a global declaration [-Wshadow]
bin/embryo/embryo_cc_sc1.c:115:21: warning: shadowed declaration is here [-Wshadow]
}}}
looking at their code, they say to alloc a local "wq", but then they
call functions such as delwhile() that change the global... VERY suspicious!!
SVN revision: 82734
this is still in progress, mostly the multisense stuff is pending.
it seems that when we merge ecore_audio in edje the libremix and
similar are gone, at least from Edje, and will be in ecore_audio
itself (or pulseaudio).
Changes:
* __UNUSED__ to EINA_UNUSED
* binaries (epp, embryo_cc, edje_cc) now consider EFL_RUN_IN_TREE and
will assume the binaries are still not installed, running from
build tree location (needs more testing, maybe doesn't work with
srcdir != builddir, still doesn't solve cross compile builds)
SVN revision: 82139