CID 1428952 (#1 of 1): Out-of-bounds access (OVERRUN) (src/backend/commands/async.c)

From: Ranier Vilela
Subject: CID 1428952 (#1 of 1): Out-of-bounds access (OVERRUN) (src/backend/commands/async.c)
Date:
Msg-id: CAEudQAq5jaRB01ZpmkXOVNSjm92cru1gvuAKG6Fu686wLo7Nbw@mail.gmail.com
Replies: Re: CID 1428952 (#1 of 1): Out-of-bounds access (OVERRUN) (src/backend/commands/async.c)  (Tom Lane <tgl@sss.pgh.pa.us>)
List: pgsql-hackers
Hi Tom,

Can you take a look?

Per Coverity.

There is something wrong with the definition of QUEUE_PAGESIZE in async.c

1. #define QUEUE_PAGESIZE BLCKSZ
2. BLCKSZ is 8192
3. sizeof(AsyncQueueControl) is 8080, according to Coverity (Windows 64 bits)
4. (Line 1508)    qe.length = QUEUE_PAGESIZE - offset;
5. offset is zero
6. qe.length is 8192

/* Now copy qe into the shared buffer page */
memcpy(NotifyCtl->shared->page_buffer[slotno] + offset,
  &qe,
  qe.length);

CID 1428952 (#1 of 1): Out-of-bounds access (OVERRUN)  at line 1515, with memcpy call.
9. overrun-buffer-arg: Overrunning struct type AsyncQueueEntry of 8080 bytes by passing it to a function which accesses it at byte offset 8191 using argument qe.length (which evaluates to 8192).

Question:
1. NotifyCtl->shared->page_buffer[slotno] is really struct type AsyncQueueEntry?

regards,
Ranier Vilela
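As an added example (not PostgreSQL's async.c code), a constructed model of the copy Coverity flagged: an entry with a self-declared length is memcpy'd into a fixed-size page, and the append checks both bounds a reviewer would want, that the length does not exceed the source struct (the over-read the report describes) and that it fits in the remaining page space. The struct layout and sizes are assumptions chosen to match the numbers in the report (8192-byte page, 8080-byte entry).

```c
/* Constructed model of the flagged copy; sizes mirror the Coverity report.
 * This is an added example, not code from src/backend/commands/async.c. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PAGESIZE  8192u   /* stands in for QUEUE_PAGESIZE (BLCKSZ) */
#define ENTRY_MAX 8080u   /* sizeof(entry) on the reporter's build, assumed */

struct entry {
    int32_t length;                          /* bytes in this entry, header included */
    char    data[ENTRY_MAX - sizeof(int32_t)]; /* padded so sizeof == ENTRY_MAX */
};

/* Copy *e into page at offset. Returns the new offset on success, or -1 if
 * the copy would read past the end of *e (the OVERRUN Coverity reported) or
 * write past the end of the page. */
int page_append(char *page, size_t offset, const struct entry *e)
{
    if (e->length <= 0)
        return -1;
    size_t len = (size_t) e->length;
    if (len > sizeof(*e))                    /* source over-read */
        return -1;
    if (offset > PAGESIZE || len > PAGESIZE - offset) /* destination overflow */
        return -1;
    memcpy(page + offset, e, len);
    return (int) (offset + len);
}

/* The scenario from the report: length = QUEUE_PAGESIZE - offset with offset 0,
 * i.e. 8192 bytes requested from an 8080-byte struct. */
int reporter_scenario(void)
{
    static char page[PAGESIZE];
    struct entry e = {0};
    e.length = (int32_t) (PAGESIZE - 0);
    return page_append(page, 0, &e);         /* -1: 8192 > sizeof(e) */
}

/* A well-formed append: a 92-byte entry placed in the last 92 bytes of a page. */
int fitting_scenario(void)
{
    static char page[PAGESIZE];
    struct entry e = {0};
    e.length = 92;
    return page_append(page, PAGESIZE - 92, &e); /* 8192: page exactly full */
}
```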
