Date: Thu, 13 Feb 1997 10:29:58 -0600 (CST)
From: Richard Neswold <neswold@aduxb.fnal.gov>
To: hackers@freefall.freebsd.org
Subject: Re: strlen() question, maybe str*cpy
Message-ID: <Pine.GSO.3.95.970213091402.11349B-100000@aduxb.fnal.gov>
In-Reply-To: <199702130437.UAA17244@freefall.freebsd.org>
> From: Ken Wong <wong@a17b32.rogerswave.ca>
>
> On Wed, 12 Feb 1997, J Wunsch wrote:
>
> > Why? The worst that would happen by touching off the end of your
> > address space is a SIGSEGV. The problem with str*cpy() touching
> > beyond the bounds of their arrays is that they can _modify_ the stack
> > then, but that can't happen with strlen() since it doesn't modify
> > anything.
>
> why doesn't the str*cpy check the BP (base pointer?) register
> and use it to guard against stack overwrite?

Because it slows down the routine.

Because it would make it i386-specific (which would be a hassle for people
planning on porting FreeBSD to other platforms.)

Because it doesn't protect against all types of range errors, like

    void func(char const *str)
    {
        static char buf[100];

        strcpy(buf, str);
    }

In the above example, the copying might not reach the BP register but
still could overrun the static buffer and destroy other variables.

Rich

========================================================================
Richard Neswold, Accelerator Div./Controls Dept | neswold@fnal.gov
Fermilab, PO Box 500, MS 347, Batavia, IL 60510 | voice (630) 840-3454
'finger neswold@aduxb.fnal.gov' for PGP key | fax (630) 840-3093
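The point of the static-buffer example above is that the only bound that covers every destination (stack, static or heap) is the destination's own size. As an added illustration, not code from the thread, here is func() rewritten around a bounded copy in the spirit of strlcpy() (bounded_copy, demo_truncated and demo_fits are names chosen for this example):

```c
#include <stddef.h>
#include <string.h>

/* Bounded copy in the spirit of strlcpy(): copies at most dstsize-1 bytes,
 * always NUL-terminates when dstsize > 0, and returns strlen(src) so the
 * caller can detect truncation (return value >= dstsize). The bound is the
 * destination's own size, so it covers static and heap buffers that a
 * stack-register check could never see. */
size_t bounded_copy(char *dst, size_t dstsize, const char *src)
{
    size_t srclen = strlen(src);
    size_t n;

    if (dstsize == 0)
        return srclen;
    n = srclen < dstsize - 1 ? srclen : dstsize - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return srclen;
}

/* func() from the message, with the copy tied to sizeof buf.
 * Returns 1 if str did not fit and was truncated, 0 otherwise. */
static char buf[100];

int func(const char *str)
{
    return bounded_copy(buf, sizeof buf, str) >= sizeof buf;
}

/* Exercise func() with a constructed 150-byte input: it is cut to
 * 99 bytes plus NUL, and nothing beyond buf[99] is ever written. */
int demo_truncated(void)
{
    char input[151];

    memset(input, 'A', 150);
    input[150] = '\0';
    return func(input) == 1 && strlen(buf) == sizeof buf - 1;
}

/* A short input is copied intact and reported as not truncated. */
int demo_fits(void)
{
    return func("hello") == 0 && strcmp(buf, "hello") == 0;
}
```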