bin/101575: [patch] Memory overflow "off-by one" in hexdump(1)

Dan Lukes dan at
Wed Aug 9 19:44:05 UTC 2006

	I didn't understand why OpenBSD didn't use this way:

--- current code ---
size_t len;
len = strlen(fmtp) + strlen(cs) + 1;
if ((pr->fmt = calloc(1, len)) == NULL)
	err(1, NULL);
snprintf(pr->fmt, len, "%s%s", fmtp, cs);
--- better code ---
asprintf(&pr->fmt, "%s%s", fmtp, cs);
if (pr->fmt == NULL)
	err(1, NULL);

	The implementation of asprintf on FreeBSD comes from OpenBSD, so it's 
sure that OpenBSD has this function. This situation is exactly what 
asprintf is for. In advance, we need no additional variable.

	I think we should write nice effective code and allow OpenBSD to learn 
from FreeBSD code. At least sometimes. At least when we can write better 
code ...

	But, I'm not sure if you are asking me for this kind of opinion.

	Well. Your patch closes the reported hole, so it's OK.


Dan Lukes                                   SISAL MFF UK
AKA: dan at, dan at,dan at
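
The two allocation patterns compared in the message above, as an added C example (not code from the message or from hexdump). The function names are hypothetical and the input strings are constructed. It checks asprintf's return value rather than the pointer, since only the BSD man pages promise a NULL pointer on failure, and it also shows what the bounded snprintf does when the "+ 1" is forgotten:

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE	/* glibc hides asprintf() without it; the BSDs do not */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Explicit prototype in case <stdio.h> was already included without it. */
int asprintf(char **, const char *, ...);

/* Manual sizing: the "+ 1" is the byte for the terminating NUL. */
char *join_manual(const char *a, const char *b)
{
	size_t len = strlen(a) + strlen(b) + 1;
	char *out = calloc(1, len);

	if (out != NULL)
		snprintf(out, len, "%s%s", a, b);
	return out;
}

/* asprintf() measures, allocates and formats in one call. */
char *join_asprintf(const char *a, const char *b)
{
	char *out;

	/* Test the return value: a NULL pointer on failure is a BSD promise. */
	if (asprintf(&out, "%s%s", a, b) == -1)
		return NULL;
	return out;
}

/* Same as join_manual() with the "+ 1" forgotten. The snprintf() bound keeps
 * the write inside the buffer, so the last character is dropped instead. */
char *join_short(const char *a, const char *b)
{
	size_t len = strlen(a) + strlen(b);	/* miscounted: no NUL byte */
	char *out = calloc(1, len ? len : 1);
	if (out != NULL)
		snprintf(out, len, "%s%s", a, b);
	return out;
}

int main(void)
{
	/* Constructed inputs standing in for fmtp and cs. */
	printf("%s %s %s\n", join_manual("%02", "x"),
	    join_asprintf("%02", "x"), join_short("%02", "x"));
	return 0;
}
```

With an unbounded copy such as strcpy/strcat, the miscount in join_short would instead write the terminating NUL one byte past the allocation.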
