Changes between Version 1 and Version 2 of Ticket #11497, comment 2


Timestamp: Nov 23, 2014, 8:06:36 PM
Author: ttcoder


    v1  v2
    20  20  So presumably no clear indication that it is a mis-cast; the flags especially, differ (but neither make sense compared to the [http://cgit.haiku-os.org/haiku/tree/headers/os/media/Buffer.h#n35 allowed values] anyway ?? ).. So next I'll assume this is indeed a BBuffer, and try to find who is responsible for setting its fData field..
    21  21
    22      (removed) EDIT: hmm actually SizeAvailable() and sizeUsed() are '''suspect''' as all heck: this page
    23      (removed) https://api.haiku-os.org/classBBuffer.html#a2559ff70225558ef1bc75d166e238e6d
    24      (removed) says that sizeavailable is the size of the allocated memory, implying that SizeUsed() should be smaller or equal to it.. So writing 14112 bytes into a 378 memory alloc is a massive heap corruption, or am I missing something?
        22  (added) EDIT: hmm actually SizeAvailable() and SizeUsed() are '''suspect''' as all heck: [https://api.haiku-os.org/classBBuffer.html#a2559ff70225558ef1bc75d166e238e6d this page] says that SizeAvailable() is the size of the allocated memory, implying that SizeUsed() should be smaller or equal to it.. So writing 14112 bytes into a 378 memory alloc is a massive heap corruption, or am I missing something?
    25  23
    26  24  Other than that, [http://grok.bikemonkey.org/source/xref/haiku/src/kits/media/BufferGroup.cpp#161 this line] implies that BBuffer::Data() is a commonly occurring error condition and should be handled properly..