Pedro, I agree about the analyses; maybe not wrong, just unclear. This one paragraph really stumps me:
QUOTE | In the header section of this file, there is a 4 byte size member, which specifies the size of the file including itself. The dashboard first reads the header, subtracts the length of the header from this size, allocates to fit a file of this size, and reads that number of bytes into the allocated block. Because the size variable includes itself, values of 0, 1, 2 or 3 will cause an underflow condition when the size of the size variable itself is subtracted. The dashboard will then allocate only 0-3 bytes of memory, and attempt to read up to several gig into it, overwriting large sections of memory. |
No matter how I read this, I keep coming up with this pseudo-code:
CODE |
read fontheader
fontdatasize = fontheader.size - 64    <----- 64 is the size of the fontheader
allocate fontdatasize bytes of data on the heap
read fontdatasize bytes of data from the file
|
Which means that any size value of 64 or less will cause an underflow. Of course, the example seems to contradict this. What am I misreading here?
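The size arithmetic discussed in this post, as an added C example that is not part of the original post or of the quoted analysis: the unchecked 32-bit subtraction beside a checked version. The header length is a parameter because the thread gives two readings (4 in the quote, 64 in the pseudo-code); the function names and the `bytes_on_disk` argument are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Unchecked form of the pseudo-code: unsigned 32-bit subtraction wraps
 * around whenever the size field is smaller than the header length. */
static uint32_t payload_len_unchecked(uint32_t total_size, uint32_t header_len)
{
    return total_size - header_len;
}

/* Checked form: returns 0 and stores the payload length in *out, or -1 when
 * the size field is inconsistent with the header length or with the number
 * of bytes actually present in the file (bytes_on_disk, an assumed input). */
static int payload_len_checked(uint32_t total_size, uint32_t header_len,
                               uint64_t bytes_on_disk, uint32_t *out)
{
    if (total_size < header_len)               /* subtraction would wrap */
        return -1;
    if ((uint64_t)total_size > bytes_on_disk)  /* claims more than the file holds */
        return -1;
    *out = total_size - header_len;
    return 0;
}

int main(void)
{
    /* Constructed sample values around both header lengths from the thread. */
    const uint32_t sizes[] = { 0, 3, 4, 63, 64, 100 };
    const uint32_t headers[] = { 4, 64 };

    for (size_t h = 0; h < sizeof headers / sizeof headers[0]; h++) {
        for (size_t s = 0; s < sizeof sizes / sizeof sizes[0]; s++) {
            uint32_t len = 0;
            /* Assume the file on disk really is 100 bytes long. */
            int ok = payload_len_checked(sizes[s], headers[h], 100, &len);
            printf("header=%2u size=%3u unchecked=%10u checked=%s\n",
                   (unsigned)headers[h], (unsigned)sizes[s],
                   (unsigned)payload_len_unchecked(sizes[s], headers[h]),
                   ok == 0 ? "accepted" : "rejected");
        }
    }
    return 0;
}
```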