From owner-freebsd-current Sat Oct 14 14:41:18 1995 Return-Path: owner-current Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id OAA18853 for current-outgoing; Sat, 14 Oct 1995 14:41:18 -0700 Received: from phaeton.artisoft.com (phaeton.Artisoft.COM [198.17.250.211]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id OAA18848 for ; Sat, 14 Oct 1995 14:41:15 -0700 Received: (from terry@localhost) by phaeton.artisoft.com (8.6.11/8.6.9) id OAA21875; Sat, 14 Oct 1995 14:36:26 -0700 From: Terry Lambert Message-Id: <199510142136.OAA21875@phaeton.artisoft.com> Subject: Re: phkmalloc and X programs To: jc@irbs.com (John Capo) Date: Sat, 14 Oct 1995 14:36:26 -0700 (MST) Cc: freebsd-current@freefall.freebsd.org In-Reply-To: <199510141955.PAA12591@irbs.irbs.com> from "John Capo" at Oct 14, 95 03:55:07 pm X-Mailer: ELM [version 2.4 PL24] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Length: 796 Sender: owner-current@FreeBSD.org Precedence: bulk > Here is another broken X program. Notice the assumption that > malloc() returns zeroed memory. > > xhost.c: > > namelen = strlen(name); > if ((lname = (char *)malloc(namelen)) == NULL) { > fprintf (stderr, "%s: malloc bombed in change_host\n", ProgramName); > exit (1); > } > for (i = 0; i < namelen; i++) { > lname[i] = tolower(name[i]); > } > if (!strncmp("inet:", lname, 5)) { > ... > ... The only assumption in this code is that namelen is >= 5. There is no assumption of numm termination on the lname string implicit in the malloc; if there were, it would be "namelen = strlen(name) + 1;". Terry Lambert terry@lambert.org --- Any opinions in this posting are my own and not those of my present or previous employers.