Message-ID: <07da045134936f2ff61916ea6b5b3711@quanstro.net>
From: erik quanstrom
Date: Sat, 4 Jul 2009 20:36:56 -0400
To: 9fans@9fans.net
In-Reply-To: <24db968438c83ecd8b9573681c244a0b@smgl.fr.eu.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Subject: Re: [9fans] dial and buffer overflow
Topicbox-Message-UUID: 142da040-ead5-11e9-9d60-3106f5b1d025

On Sat Jul 4 18:12:16 EDT 2009, lejatorn@gmail.com wrote:
> Thanks for the answer Erik.
>
> [...]
>
> > the extra () around tor->sha1list are confusing.
>
> Noted, thanks, they're gone. I suck at remembering operator precedence
> so I usually add a few parentheses to be on the safe side.

i think it's important to learn operator precedence.  why guess
when you can know?  you can steal the cheat sheet i stole from bwc:

	#! /bin/rc
	label prec
	cat <<!
	left to right	() [] -> .
	right to left	! ~ ++ -- - (type) * & sizeof
	left to right	* / %
	left to right	+ -
	left to right	<< >>
	left to right	< <= > >=
	left to right	== !=
	left to right	&
	left to right	^
	left to right	|
	left to right	&&
	left to right	||
	right to left	?:
	right to left	= += -= etc.
	left to right	,
	!

> > the three most common errors that cause this are
> > (a) not allocating enough memory by, e.g.
> > malloc(sizeof tor) not malloc(sizeof *tor). or
> > (b) pointing to a non-static on the stack,
> > or (c) mistyping of tor->sha1list so that sizeof
> > tor->sha1list[0][0] != 1.
>
> Could you elaborate on (b), or point me to an example please? I don't
> really understand what it means or how it could happen...

generally, it's not so obvious, but a variation of this would do it:

	#include <u.h>
	#include <libc.h>
	#include <libsec.h>

	uchar*
	badfn(char *txt, uint len)
	{
		uchar buf[SHA1dlen];	/* automatic: lives in this call's stack frame */

		sha1((uchar*)txt, len, buf, nil);
		return buf;		/* frame is gone on return; caller now points at reused stack */
	}

- erik
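Added example, not code from Erik's message or from the torrent program being discussed: the corrected shapes of bugs (a) and (b) above, in standard C rather than Plan 9 libsec. digest() is a stand-in for sha1() that only folds bytes and is not a hash; the Torrent struct, its sha1list field type and DIGESTLEN are assumptions chosen to mirror the tor->sha1list[0][0] expression from the thread. The size helpers at the end also show the precedence point from the cheat sheet: -> and [] bind before the unary sizeof.

```c
/*
 * Added example (not from the 9fans thread). Standard C stand-in for the
 * Plan 9 code under discussion: digest() replaces sha1() and is NOT a
 * cryptographic hash; Torrent and DIGESTLEN are assumed shapes.
 */
#include <stdlib.h>
#include <string.h>

enum { DIGESTLEN = 20 };   /* assumed: same width as SHA1dlen in libsec */

/* Stand-in for sha1(): deterministic, but only a byte fold, not a hash. */
static void digest(const unsigned char *p, size_t len, unsigned char out[DIGESTLEN])
{
    size_t i;

    memset(out, 0, DIGESTLEN);
    for (i = 0; i < len; i++)
        out[i % DIGESTLEN] ^= (unsigned char)(p[i] + i);
}

typedef struct Torrent Torrent;
struct Torrent {
    int nsha1;                             /* number of digests in sha1list */
    unsigned char (*sha1list)[DIGESTLEN];  /* heap array of DIGESTLEN-byte digests */
};

/*
 * Fix for (b): the caller owns `out`, so no pointer into badfn's popped
 * frame ever escapes. Returning `out` is safe because it is the caller's
 * storage, not an automatic of this function.
 */
unsigned char *hashinto(unsigned char out[DIGESTLEN], const char *txt, size_t len)
{
    digest((const unsigned char *)txt, len, out);
    return out;
}

/*
 * Fix for (a): sizeof *tor (the struct) rather than sizeof tor (a pointer).
 * The list is sized from sizeof tor->sha1list[0]; -> and [] bind tighter
 * than sizeof, so that is one DIGESTLEN-byte element, not the pointer.
 */
Torrent *newtorrent(int n)
{
    Torrent *tor;

    if (n <= 0)
        return NULL;
    tor = malloc(sizeof *tor);
    if (tor == NULL)
        return NULL;
    tor->nsha1 = n;
    tor->sha1list = malloc((size_t)n * sizeof tor->sha1list[0]);
    if (tor->sha1list == NULL) {
        free(tor);
        return NULL;
    }
    memset(tor->sha1list, 0, (size_t)n * sizeof tor->sha1list[0]);
    return tor;
}

void freetorrent(Torrent *tor)
{
    if (tor == NULL)
        return;
    free(tor->sha1list);
    free(tor);
}

/* Digest piece i straight into its own slot; bounds-checked, 0 on success. */
int setpiece(Torrent *tor, int i, const char *txt, size_t len)
{
    if (tor == NULL || i < 0 || i >= tor->nsha1)
        return -1;
    hashinto(tor->sha1list[i], txt, len);
    return 0;
}

/* The two sizes from (c): element size must be DIGESTLEN, byte size must be 1. */
size_t elemsize(const Torrent *tor) { return sizeof tor->sha1list[0]; }
size_t bytesize(const Torrent *tor) { return sizeof tor->sha1list[0][0]; }
```

If sha1list were mistyped as a flat unsigned char * or as a pointer to pointer, elemsize() would silently become the pointer size and every allocation derived from it would be short, which is why checking sizeof tor->sha1list[0][0] == 1 together with the element size is a cheap sanity test to keep next to the struct definition.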