bin/101575: [patch] Memory overflow "off-by one" in hexdump(1)
Dan Lukes
dan at obluda.cz
Wed Aug 9 19:44:05 UTC 2006
I didn't understand why OpenBSD didn't use this way:
--- current code ---
size_t len;
...
len = strlen(fmtp) + strlen(cs) + 1;
if ((pr->fmt = calloc(1, len)) == NULL)
	err(1, NULL);
snprintf(pr->fmt, len, "%s%s", fmtp, cs);
--- better code ---
asprintf(&pr->fmt, "%s%s", fmtp, cs);
if (pr->fmt == NULL)
	err(1, NULL);
-------------------
The implementation of asprintf on FreeBSD comes from OpenBSD, so it's
certain that OpenBSD has this function. This situation is exactly what
asprintf is for. In advance, we need no additional variable.
I think we should write nice effective code and allow OpenBSD to learn
from FreeBSD code. At least sometimes. At least when we can write better
code ...
But, I'm not sure if you are asking me for this kind of opinion.
Well. Your patch closes the reported hole, so it's OK.
Dan
--
Dan Lukes SISAL MFF UK
AKA: dan at obluda.cz, dan at freebsd.cz,dan at kolej.mff.cuni.cz
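
Added example, not part of the original message or of hexdump's sources: the two approaches compared in the mail as stand-alone C functions. The function names, the `nul` parameter (1 is the sizing quoted above, 0 is a constructed miscount) and the sample strings are assumptions made for illustration.

```c
#define _GNU_SOURCE               /* glibc: expose asprintf() */
#define __STDC_WANT_LIB_EXT2__ 1
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Manual sizing as in the "current code". `nul` is the terminator allowance:
 * 1 is correct, 0 is a constructed miscount. Returns NULL on allocation
 * failure; *truncated is set when snprintf() had to cut the output. */
char *join_manual(const char *fmtp, const char *cs, size_t nul, int *truncated)
{
    size_t len = strlen(fmtp) + strlen(cs) + nul;
    char *out = calloc(1, len ? len : 1);
    if (out == NULL)
        return NULL;
    int need = snprintf(out, len, "%s%s", fmtp, cs);
    *truncated = (need < 0 || (size_t)need >= len);
    return out;
}

/* asprintf() sizes and allocates in one step. The return value is tested:
 * FreeBSD documents a NULL pointer on failure, but not every libc
 * guarantees the pointer's contents after a failed call. */
char *join_asprintf(const char *fmtp, const char *cs)
{
    char *out = NULL;
    if (asprintf(&out, "%s%s", fmtp, cs) == -1)
        return NULL;
    return out;
}

int main(void)
{
    /* Constructed sample pieces, not taken from hexdump's sources. */
    const char *fmtp = "%08", *cs = "x";
    int cut1 = 0, cut0 = 0;
    char *a = join_manual(fmtp, cs, 1, &cut1);
    char *b = join_manual(fmtp, cs, 0, &cut0);
    char *c = join_asprintf(fmtp, cs);
    if (a == NULL || b == NULL || c == NULL)
        return 1;
    printf("manual +1 : \"%s\" truncated=%d\n", a, cut1);
    printf("manual +0 : \"%s\" truncated=%d\n", b, cut0);
    printf("asprintf  : \"%s\"\n", c);
    free(a); free(b); free(c);
    return 0;
}
```

With the miscount, snprintf() keeps the write inside the buffer and silently drops the last character, so the snprintf() return value is the only sign that the size was wrong.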