Date: Fri, 13 Jun 1997 15:10:02 -0700 (PDT) From: ac199@hwcn.org To: freebsd-bugs Subject: Re: bin/3451: vasprintf() doesn't work. Message-ID: <199706132210.PAA23539@hub.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/3451; it has been noted by GNATS. From: ac199@hwcn.org To: freebsd-gnats-submit@freebsd.org, Tim.Vanderhoek@X2296 Cc: peter@freebsd.org Subject: Re: bin/3451: vasprintf() doesn't work. Date: Fri, 13 Jun 1997 18:05:29 -0400 (EDT) [Cc'd to peter as the last to touch vasprintf.c] > Problem Report bin/3451 > > vasprintf() doesn't work. > > Fix > > >*** old.vasprintf.c Tue Apr 29 21:32:00 1997 >--- vasprintf.c Tue Apr 29 21:31:45 1997 Of course, this still isn't right... [post-patch vasprintf.c] >--- 111,118 ---- > if (h.base == NULL) /* failed to realloc in writehook */ > return (-1); > > *str = realloc(h.base, (size_t)(h.size - h.left + 1)); >+ (*str)[h.size - h.left] = '\0'; > if (*str == NULL) /* failed to realloc it to actual size */ > *str = h.base; /* return oversize buffer */ > return (ret); realloc() can fail, resulting in a null pointer dereference. That's undesirable. Try, instead, *** orig.vasprintf.c Tue Apr 29 21:32:00 1997 --- vasprintf.c Fri Jun 13 17:54:17 1997 *************** *** 111,119 **** if (h.base == NULL) /* failed to realloc in writehook */ return (-1); - h.base[h.size - h.left] = '\0'; *str = realloc(h.base, (size_t)(h.size - h.left + 1)); if (*str == NULL) /* failed to realloc it to actual size */ ! *str = h.base; /* return oversize buffer */ return (ret); } --- 111,119 ---- if (h.base == NULL) /* failed to realloc in writehook */ return (-1); *str = realloc(h.base, (size_t)(h.size - h.left + 1)); if (*str == NULL) /* failed to realloc it to actual size */ ! return (-1); ! (*str)[h.size - h.left] = '\0'; return (ret); }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199706132210.PAA23539>