svn commit: r234528 - head/lib/libc/stdio

Peter Jeremy peterjeremy at acm.org
Sat Apr 21 07:07:12 UTC 2012


On 2012-Apr-21 06:08:02 +0000, David Schultz <das at FreeBSD.org> wrote:
>Log:
>  Fix a bug introduced in r187302 that was causing fputws() to enter an
>  infinite loop pretty much unconditionally.

Unfortunately, I suspect you've just turned an unconditional infinite
loop into a conditional one.  There's still a "wsp = ws;" inside the
loop so if you pass in a long string (one that exceeds BUFSIZ bytes
when converted to a multi-byte string) then wsp will be non-NULL
after the call to __wcsnrtombs(), causing the do loop to loop and
then wsp will be re-initialised to ws.  I think the fix is to move
the "wsp = ws;" outside the loop.

>  It's remarkable that the
>  patch that introduced the bug was never tested, but even more
>  remarkable that nobody noticed for over two years.

It took me a while to work out that the problem was libc and not my code.

-- 
Peter Jeremy
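
The loop condition discussed in this message, reproduced as an added example (not code from the FreeBSD tree or from either poster). It assumes standard wcsrtombs() in place of libc's internal __wcsnrtombs(), an 8-byte CHUNK in place of BUFSIZ, and a MAX_ITERS guard so the flawed variant stops; convert_chunks() and its parameters are hypothetical names.

```c
#include <stdio.h>
#include <string.h>
#include <wchar.h>

#define CHUNK 8        /* assumption: tiny stand-in for BUFSIZ */
#define MAX_ITERS 64   /* demo guard so the flawed variant terminates */

/*
 * Convert ws to multibyte in CHUNK-sized pieces, appending to out.
 * reset_inside != 0 keeps "wsp = ws;" inside the do loop (the pattern the
 * mail describes); reset_inside == 0 initialises wsp once, before the loop.
 * Returns the number of passes, -1 if the guard tripped (no forward
 * progress), -2 on a conversion error.
 */
static int convert_chunks(const wchar_t *ws, int reset_inside,
                          char *out, size_t outcap)
{
    char buf[CHUNK];
    const wchar_t *wsp = ws;          /* hoisted initialisation */
    mbstate_t st;
    size_t used = 0;
    int iters = 0;

    memset(&st, 0, sizeof(st));
    out[0] = '\0';
    do {
        if (reset_inside)
            wsp = ws;                 /* discards the progress wcsrtombs made */
        if (++iters > MAX_ITERS)
            return -1;
        /* On return wsp is NULL only if the terminator was reached. */
        size_t n = wcsrtombs(buf, &wsp, sizeof(buf), &st);
        if (n == (size_t)-1)
            return -2;
        if (used + n < outcap) {      /* stop appending once out is full */
            memcpy(out + used, buf, n);
            used += n;
            out[used] = '\0';
        }
    } while (wsp != NULL);
    return iters;
}

int main(void)
{
    char out[64];
    const wchar_t *longws = L"abcdefghijklmnopqrst";  /* constructed input */
    printf("short, reset inside: %d\n", convert_chunks(L"short", 1, out, sizeof(out)));
    printf("long,  reset inside: %d\n", convert_chunks(longws, 1, out, sizeof(out)));
    printf("long,  hoisted:      %d\n", convert_chunks(longws, 0, out, sizeof(out)));
    return 0;
}
```

A string that fits in one chunk finishes in a single pass either way, which is why the remaining loop is conditional on input length.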


More information about the svn-src-head mailing list