Off-by-one error in ngets() causing panic in loader(8)?
John Baldwin
jhb at freebsd.org
Tue Mar 31 08:03:30 PDT 2009
On Monday 30 March 2009 5:23:07 pm Bruce Cran wrote:
> I've noticed that if I fill the input buffer at the loader prompt on
> 7-STABLE I get a panic with a guard page failure. From what I can see
> the loader uses the ngets function in src/lib/libstand/gets.c with a
> buffer of size 256. If I print out the value of strlen(input) in
> interp.c I get 256. Shouldn't line 77 of gets.c be comparing (lp-buf)
> against (n-1) instead of n?
Yep. I've committed the fix. The libstand(3) manpage states that ngets()
puts in at most n - 1 characters followed by a NULL, so n - 1 is the correct
fix.
--
John Baldwin
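
The off-by-one discussed in this thread, as an added example that is not part of the original messages and is not the libstand source: a simplified line reader (model_ngets and run_model are hypothetical names) compares the stored length against a limit, and a canary byte placed right after a 256-byte buffer shows where the terminator lands when the limit is n versus n - 1.

```c
#include <stdio.h>
#include <string.h>

#define BUFSZ 256          /* buffer size mentioned in the thread */
#define CANARY 0x5A        /* constructed marker byte placed after the buffer */

/* Simplified model of a bounded line reader; NOT the libstand code.
 * 'limit' is what (lp - buf) is compared against before storing a byte:
 * n reproduces the reported behaviour, n - 1 is the corrected check. */
static size_t model_ngets(char *buf, size_t limit, const char *in)
{
    char *lp = buf;

    for (; *in != '\0' && *in != '\n'; in++) {
        if ((size_t)(lp - buf) < limit)
            *lp++ = *in;   /* input past the limit is discarded */
    }
    *lp = '\0';            /* terminator follows the last stored byte */
    return (size_t)(lp - buf);
}

/* Feed an over-long constructed line into a BUFSZ-byte buffer that is
 * followed by one canary byte. Returns 1 if the terminator overwrote the
 * canary, i.e. was written at buf[BUFSZ], one past the end. */
static int run_model(size_t limit, size_t *len_out)
{
    char arena[BUFSZ + 1];
    char line[BUFSZ + 64];

    memset(arena, CANARY, sizeof(arena));
    memset(line, 'A', sizeof(line) - 1);
    line[sizeof(line) - 1] = '\0';

    *len_out = model_ngets(arena, limit, line);
    return arena[BUFSZ] != CANARY;
}

int main(void)
{
    size_t len;
    int hit;

    hit = run_model(BUFSZ, &len);       /* check against n */
    printf("limit n:     stored %zu, wrote past buffer: %d\n", len, hit);
    hit = run_model(BUFSZ - 1, &len);   /* check against n - 1 */
    printf("limit n - 1: stored %zu, wrote past buffer: %d\n", len, hit);
    return 0;
}
```

With the limit at n the resulting string length is 256, the value reported for strlen(input) above, and the terminator is the byte that falls outside the buffer.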