Summary:
This patch is increasing safty code by handling following case.
sc_compile > OH!! there is uninitialized loacal variable "outfname"!! >
setopt > about > longjmp > setjmp returns 3 > goto cleanup >
then uninitialized data is read from local variable "outfname".
Reviewers: raster, Hermet, jsuya, herb
Reviewed By: jsuya
Subscribers: cedric, #reviewers, #committers
Tags: #efl
Differential Revision: https://phab.enlightenment.org/D12074
Summary:
The most of functions for embryo based on cell(int) types.
addvariable(), defsymbol(), modstk() and etc.
Because of this, if embryo script has a really big(INT_MAX / 4) stack variable,
integer overflow problem has been happened.
@fix
Test Plan:
Put a script in your EDC like the following code.
Build it and try to access the variable.
Or check the writen HEX value by embryo_cc.
script {
// It's size is 1,000,000,000.
// Remember, INT_MAX is 2,147,483,647.
new my_big_variable[1000000000];
...
}
Reviewers: cedric, woohyun, raster, eunue, SanghyeonLee
Reviewed By: eunue, SanghyeonLee
Subscribers: cedric, #reviewers, #committers
Tags: #efl
Differential Revision: https://phab.enlightenment.org/D12081
This build was never complete and also was not maintained probebly.
It is also dropped in favour of meson which is cool, merged, works & is fast.
Differential Revision: https://phab.enlightenment.org/D7010
a new shiny buildtool that currently completes in the total of ~ 4 min..
1 min. conf time
2:30 min. build time
Where autotools takes:
1:50 min. conf time
3:40 min. build time.
meson was taken because it went quite good for enlightenment, and is a traction gaining system that is also used by other mayor projects. Additionally, the DSL that is defined my meson makes the configuration of the builds a lot easier to read.
Further informations can be gathered from the README.meson
Right now, bindings & windows support are missing.
It is highly recommented to use meson 0.48 due to optimizations in meson
that reduced the time the meson call would need.
Co-authored-by: Mike Blumenkrantz <zmike@samsung.com>
Differential Revision: https://phab.enlightenment.org/D7012
Depends on D7011
CID 1039677 1039678 1039679
The expression's value does not depend on the operands; often,
this represents an inadvertent logic error.
In doarg: An operation with non-constant operands that
computes a result with constant value (CWE-569)
cell is defined as an int, not a long, so it can't be > INT_MAX.
Summary:
A string is copied to the array '&symbolname[0]' of size 32,
without checking it's length at first at embryo_cc_sc1.c:2101.
So, used assert to avoid possible overflow.
Signed-off-by: Umesh Tanwar <umesh.tanwar@samsung.com>
Reviewers: Hermet, cedric, raster
Reviewed By: raster
Subscribers: singh.amitesh, jpeg
Differential Revision: https://phab.enlightenment.org/D3602
There are still lots of unsafe uses of strcpy, strcat, etc...
Dunno if they are relevant though. Also, assert() may be
compiled out at build time (release mode) so don't rely on it
for safety.
Fixes CID 1039593