Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 6 Jan 2004 21:18:04 +0100
From:      Stefan Farfeleder <stefan@fafoe.narf.at>
To:        Jacques Vidrine <nectar@FreeBSD.org>
Cc:        cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/lib/libc/posix1e acl_delete_entry.c
Message-ID:  <20040106201801.GA1348@wombat.fafoe.narf.at>
In-Reply-To: <200401061843.i06IhV2L068324@repoman.freebsd.org>
References:  <200401061843.i06IhV2L068324@repoman.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Tue, Jan 06, 2004 at 10:43:31AM -0800, Jacques Vidrine wrote:
> nectar      2004/01/06 10:43:31 PST
> 
>   FreeBSD src repository
> 
>   Modified files:
>     lib/libc/posix1e     acl_delete_entry.c 
>   Log:
>   Avoid undefined behavior:
>     foo[i] = bar[++i];  /* Which operator [] will be evaluated first? */
>   
>   Revision  Changes    Path
>   1.6       +2 -2      src/lib/libc/posix1e/acl_delete_entry.c

@@ -61,9 +61,9 @@ acl_delete_entry(acl_t acl, acl_entry_t 
 		if ((acl->ats_acl.acl_entry[i].ae_tag == entry_d->ae_tag) &&
 		    (acl->ats_acl.acl_entry[i].ae_id == entry_d->ae_id)) {
 			/* ...shift the remaining entries... */
-			while (i < acl->ats_acl.acl_cnt - 1)
+			for (; i < acl->ats_acl.acl_cnt - 1; ++i)
 				acl->ats_acl.acl_entry[i] =
-				    acl->ats_acl.acl_entry[++i];
+				    acl->ats_acl.acl_entry[i];

I think that last assignment should read:

acl->ats_acl.acl_entry[i] = acl->ats_acl.acl_entry[i + 1];

Using memmove() instead might be a good idea too.

Cheers,
Stefan

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040106201801.GA1348>