Date: Thu, 21 Jul 2016 01:39:33 +0200 From: =?UTF-8?B?VGltIMSMYXM=?= <darkuranium@gmail.com> To: freebsd-current@freebsd.org Subject: Re: UTF-8 by default? Message-ID: <CANd9X8ez1OQUGKBBMyGO5U6JoZaLoF4op7_%2BeZC7te_Rv-cMgQ@mail.gmail.com> In-Reply-To: <CANd9X8fceuHZsaLwEOwXY07wHwLyvFD-QAvw-0wejVVnJ_wqtQ@mail.gmail.com> References: <CANd9X8fFB8OAmc1oasJNb8HxANmh6qKQqYbmhHwiBv1=K3w%2Bmw@mail.gmail.com> <201607202023.u6KKNksl055230@gw.catspoiler.org> <CANd9X8fceuHZsaLwEOwXY07wHwLyvFD-QAvw-0wejVVnJ_wqtQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
I managed to find some time to have a closer look right now, and there isn't a problem with the `read(2)` (meaning it's a false positive). The code could use some cleanup for easier auditability (or maybe not ... "if it ain't broken, don't fix it!"), but it's otherwise not broken --- well, at least where Coverity reported the issue. On 21 July 2016 at 00:14, Tim =C4=8Cas <darkuranium@gmail.com> wrote: > On 20 July 2016 at 22:23, Don Lewis <truckman@freebsd.org> wrote: >> It passes a fixed-length non-NUL terminated buffer (returned by read(2)) >> to mbrtowc(). In addition to the lack of termination, the buffer could >> also contain a partial character at its beginning or end if the contents >> are UTF-8. >> >> The Coverity ID is 978825. > > I don't have access to Coverity, but with boru's help, I managed to > check the lines. There is no problem as far as I can tell --- yes, the > buffer is not NUL-terminated [1], *BUT* `mbrtowc(3)` takes a `len` > argument (which is returned from said `read(2)`), so it never tries to > read out of scope [2,3]. > > The problem might still be elsewhere, though --- the code is somewhat > hairy, so I'll give it a closer check tomorrow. > > [1] https://svnweb.freebsd.org/base/head/usr.bin/wc/wc.c?view=3Dmarkup#l2= 77 > [2] https://svnweb.freebsd.org/base/head/usr.bin/wc/wc.c?view=3Dmarkup#l2= 90 > [3] `man 3 mbrtowc`
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CANd9X8ez1OQUGKBBMyGO5U6JoZaLoF4op7_%2BeZC7te_Rv-cMgQ>