Date: Wed, 17 Jul 2013 08:10:56 +0400 From: Andrey Chernov <ache@freebsd.org> To: Andriy Gapon <avg@FreeBSD.org> Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org Subject: Re: svn commit: r253380 - head/lib/libc/stdlib Message-ID: <51E61950.5090206@freebsd.org> In-Reply-To: <201307160726.r6G7QlwE045679@svn.freebsd.org> References: <201307160726.r6G7QlwE045679@svn.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 16.07.2013 11:26, Andriy Gapon wrote: > Modified: head/lib/libc/stdlib/getenv.c > ============================================================================== > --- head/lib/libc/stdlib/getenv.c Tue Jul 16 06:50:22 2013 (r253379) > +++ head/lib/libc/stdlib/getenv.c Tue Jul 16 07:26:46 2013 (r253380) > @@ -505,7 +505,7 @@ __setenv(const char *name, size_t nameLe > envVars[envNdx].valueSize = valueLen; > > /* Save name of name/value pair. */ > - env = stpcpy(envVars[envNdx].name, name); > + env = stpncpy(envVars[envNdx].name, name, nameLen); > if ((envVars[envNdx].name)[nameLen] != '=') > env = stpcpy(env, "="); > } > I am not sure what you are trying to fix, but you just made next line condition unpredictable random, since (envVars[envNdx].name)[nameLen] is never filled now and there is freshly malloced memory content, which is picked for != '=' comparison. Please back it out or fix. Bug demonstration example added will be nice too, I see no bug in the original code at first glance. -- http://ache.vniz.net/ bitcoin:1G6ugdNY6e5jx1GVnAU2ntj2NEfmjKG85r
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?51E61950.5090206>