Date: Sat, 14 Oct 1995 14:36:26 -0700 (MST) From: Terry Lambert <terry@lambert.org> To: jc@irbs.com (John Capo) Cc: freebsd-current@freefall.freebsd.org Subject: Re: phkmalloc and X programs Message-ID: <199510142136.OAA21875@phaeton.artisoft.com> In-Reply-To: <199510141955.PAA12591@irbs.irbs.com> from "John Capo" at Oct 14, 95 03:55:07 pm
next in thread | previous in thread | raw e-mail | index | archive | help
> Here is another broken X program. Notice the assumption that
> malloc() returns zeroed memory.
>
> xhost.c:
>
> namelen = strlen(name);
> if ((lname = (char *)malloc(namelen)) == NULL) {
> fprintf (stderr, "%s: malloc bombed in change_host\n", ProgramName);
> exit (1);
> }
> for (i = 0; i < namelen; i++) {
> lname[i] = tolower(name[i]);
> }
> if (!strncmp("inet:", lname, 5)) {
> ...
> ...
The only assumption in this code is that namelen is >= 5.
There is no assumption of numm termination on the lname string implicit
in the malloc; if there were, it would be "namelen = strlen(name) + 1;".
Terry Lambert
terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199510142136.OAA21875>