Date: Mon, 08 Sep 2014 00:03:48 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 193447] New: strvisx: Handle zero-length input strings gracefully. Message-ID: <bug-193447-8@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=193447 Bug ID: 193447 Summary: strvisx: Handle zero-length input strings gracefully. Product: Base System Version: 11.0-CURRENT Hardware: Any OS: Any Status: Needs Triage Severity: Affects Only Me Priority: --- Component: bin Assignee: freebsd-bugs@FreeBSD.org Reporter: conrad.meyer@isilon.com Created attachment 147037 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=147037&action=edit patch -p0 against CURRENT. The internal istrsenvisx() routine overloaded the zero length value as a sentinel for "use strlen(3)." This is bad because the zero-length source string has a defined behavior and the pointer for a zero-length string may be completely bogus. Calling strlen(3) on a bogus pointer is bad. Instead, use ssize_t for the input string length and use a #defined constant MB_STRZ == (-1) as the sentinel for the nul-terminated strvis variants (strvis, etc). Sponsored by: EMC / Isilon storage division -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-193447-8>