svn commit: r298367 - head/lib/libc/locale
Andrey Chernov
ache at freebsd.org
Thu Apr 21 01:14:25 UTC 2016
On 20.04.2016 23:44, Baptiste Daroussin wrote:
> Author: bapt
> Date: Wed Apr 20 20:44:30 2016
> New Revision: 298367
> URL: https://svnweb.freebsd.org/changeset/base/298367
>
> Log:
> Check the returned value of memchr(3) before using it
>
> Reported by: Coverity
> CID: 1338530
>
> Modified:
> head/lib/libc/locale/ascii.c
>
> Modified: head/lib/libc/locale/ascii.c
> ==============================================================================
> --- head/lib/libc/locale/ascii.c Wed Apr 20 20:43:05 2016 (r298366)
> +++ head/lib/libc/locale/ascii.c Wed Apr 20 20:44:30 2016 (r298367)
> @@ -133,11 +133,14 @@ _ascii_mbsnrtowcs(wchar_t * __restrict d
>
> if (dst == NULL) {
> s = memchr(*src, '\0', nms);
> + if (s == NULL)
> + return (nms);
> +
> if (*s & 0x80) {
> errno = EILSEQ;
> return ((size_t)-1);
> }
> - return (s != NULL ? s - *src : nms);
> + return (s - *src);
> }
>
> s = *src;
>
The whole code is incorrect, only the very first char is checked, there
must be a loop like in -stable:
if (dst == NULL) {
for (s = *src; nms > 0 && *s != '\0'; s++, nms--) {
if (*s & 0x80) {
errno = EILSEQ;
return ((size_t)-1);
}
}
return (s - *src);
}
Since svn history is lost on deleting, I don't know why incorrect
version was committed.
More information about the svn-src-head
mailing list