Changes between Initial Version and Version 1 of Ticket #11497, comment 2


Timestamp: Nov 23, 2014, 3:29:21 PM
Author: ttcoder

  • Ticket #11497, comment 2

    Unmodified:

    So presumably no clear indication that it is a mis-cast; the flags especially, differ (but neither make sense compared to the [http://cgit.haiku-os.org/haiku/tree/headers/os/media/Buffer.h#n35 allowed values] anyway ?? ).. So next I'll assume this is indeed a BBuffer, and try to find who is responsible for setting its fData field..

    Added:

    EDIT: hmm actually SizeAvailable() and SizeUsed() are '''suspect''' as all heck: this page
    https://api.haiku-os.org/classBBuffer.html#a2559ff70225558ef1bc75d166e238e6d
    says that SizeAvailable() is the size of the allocated memory, implying that SizeUsed() should be smaller or equal to it.. So writing 14112 bytes into a 378 memory alloc is a massive heap corruption, or am I missing something?

    Other than that, [http://grok.bikemonkey.org/source/xref/haiku/src/kits/media/BufferGroup.cpp#161 this line] implies that BBuffer::Data() is a common occurrence error condition and should be handled properly..