Date: Thu, 21 Apr 2016 08:29:53 +0200 From: Baptiste Daroussin <bapt@FreeBSD.org> To: Andrey Chernov <ache@freebsd.org> Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r298367 - head/lib/libc/locale Message-ID: <20160421062953.GI26116@ivaldir.etoilebsd.net> In-Reply-To: <b8387257-5354-6a66-332b-7d07f1bdb25c@freebsd.org> References: <201604202044.u3KKiUMq081452@repo.freebsd.org> <a2485516-9b18-6323-934d-45ed915b52ff@freebsd.org> <b8387257-5354-6a66-332b-7d07f1bdb25c@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Thu, Apr 21, 2016 at 05:00:20AM +0300, Andrey Chernov wrote: > On 21.04.2016 3:57, Andrey Chernov wrote: > > On 20.04.2016 23:44, Baptiste Daroussin wrote: > >> Author: bapt > >> Date: Wed Apr 20 20:44:30 2016 > >> New Revision: 298367 > >> URL: https://svnweb.freebsd.org/changeset/base/298367 > >> > >> Log: > >> Check the returned value of memchr(3) before using it > >> > >> Reported by: Coverity > >> CID: 1338530 > >> > >> Modified: > >> head/lib/libc/locale/ascii.c > >> > >> Modified: head/lib/libc/locale/ascii.c > >> ============================================================================== > >> --- head/lib/libc/locale/ascii.c Wed Apr 20 20:43:05 2016 (r298366) > >> +++ head/lib/libc/locale/ascii.c Wed Apr 20 20:44:30 2016 (r298367) > >> @@ -133,11 +133,14 @@ _ascii_mbsnrtowcs(wchar_t * __restrict d > >> > >> if (dst == NULL) { > >> s = memchr(*src, '\0', nms); > >> + if (s == NULL) > >> + return (nms); > >> + > >> if (*s & 0x80) { > >> errno = EILSEQ; > >> return ((size_t)-1); > >> } > >> - return (s != NULL ? s - *src : nms); > >> + return (s - *src); > >> } > >> > >> s = *src; > >> > > > > The whole code is incorrect, only the very first char is checked, there > > must be a loop like in -stable: > > > > if (dst == NULL) { > > for (s = *src; nms > 0 && *s != '\0'; s++, nms--) { > > if (*s & 0x80) { > > errno = EILSEQ; > > return ((size_t)-1); > > } > > } > > return (s - *src); > > } > > > > Since svn history is lost on deleting, I don't know why incorrect > > version was committed. > > > > Typo, the very first == the very last, i.e. only NUL char is checked > which always pass. > I have restored the history (I hope correctly) Bapt [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJXGHNhAAoJEGOJi9zxtz5aaJkP/iWUYS7+Ez+uXI1xSKzTeG0J Ifk5U044Vp5auJWBSJz6a7Oz4ujFOJRPg4nofLf+Q0vYEUod2thY8WvlyySUlpaj alt1iqvSNLzFC1EjzbC1tv9EFFruP3QNtfDn+V1rc4gWAPlmMNrf9wXH6cHqAxEL qZGpHXhJpHR63IQDuP1ntwaXgS7wQf0K9YgkEZzKi0XZWI8mBWofzerZAGouUSHx n/xQdyc73CXq3FgLZ3yQIWJwWy7275b579IXOz6zA04+Ihl7L9y/A2swCoAI8JIM MYlJCIBq/dqk/9kYvHB/zgHXYsk75dG0Gmfjf9eS5JI89BiX06AWfX23B4Wx7AaG k39VJPPTsdqornUiwY3GHe6qkT9kHzobjDqNlzlWloD39CD1reBt8sbtqhdWkwBW gQEyxzuBDLjTlwAWgKYwuKnRbMDbVHvCVS27IzhdATFekqOkKUihSe78r0KUwRMW Awmc2GxyKTziTUIUbRUeMyXKYUhjdTJ4rOI85lClmxetc75mVcswVbk5CC7pcf17 wcFLgbn+CANsJAQ1Ei7dwWwTnd+6ziultHSK5mWeAyDKs/TkVaEexY6hj6hWTsQz B/5Dba73lw5ClWfhuGp4FvAA8mJt5xZI0oddPRERuF8OYeYCNiA1LqY64iV219g9 lHZpc/1wo6OTF/JkftNg =Z6HN -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20160421062953.GI26116>