[Bug 193447] New: strvisx: Handle zero-length input strings gracefully.

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Mon Sep 8 00:03:48 UTC 2014


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=193447

            Bug ID: 193447
           Summary: strvisx: Handle zero-length input strings gracefully.
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: Any
                OS: Any
            Status: Needs Triage
          Severity: Affects Only Me
          Priority: ---
         Component: bin
          Assignee: freebsd-bugs at FreeBSD.org
          Reporter: conrad.meyer at isilon.com

Created attachment 147037
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=147037&action=edit
patch -p0 against CURRENT.

The internal istrsenvisx() routine overloaded the zero length value as a
sentinel for "use strlen(3)." This is bad because the zero-length source string
has a defined behavior and the pointer for a zero-length string may be
completely bogus. Calling strlen(3) on a bogus pointer is bad.

Instead, use ssize_t for the input string length and use a #defined constant
MB_STRZ == (-1) as the sentinel for the nul-terminated strvis variants (strvis,
etc).

Sponsored by:    EMC / Isilon storage division

-- 
You are receiving this mail because:
You are the assignee for the bug.
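
The sentinel problem described in the report, reduced to a small stand-alone C program. This is an added example, not the attached patch or FreeBSD's vis(3) source: encode_n, encode_legacy and encode_fixed are hypothetical stand-ins with a toy octal escape, and only the MB_STRZ name and its value of -1 come from the report.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>   /* ssize_t */
#define MB_STRZ (-1)     /* sentinel named in the report: src is NUL-terminated */

/* Hypothetical worker: escape n bytes of src into dst; returns length or -1. */
static int encode_n(char *dst, size_t dlen, const char *src, size_t n)
{
    size_t o = 0;
    if (dlen == 0) return -1;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)src[i];
        size_t need = (isprint(c) && c != '\\') ? 1 : 4;
        if (o + need >= dlen)
            return -1;               /* no room for this byte plus the NUL */
        if (need == 1)
            dst[o++] = (char)c;
        else
            o += (size_t)snprintf(dst + o, dlen - o, "\\%03o", (unsigned)c);
    }
    dst[o] = '\0';
    return (int)o;
}

/* Legacy pattern: len == 0 is overloaded to mean "call strlen(src)". */
static int encode_legacy(char *dst, size_t dlen, const char *src, size_t len)
{
    if (len == 0)
        len = strlen(src);  /* reads src even when the caller meant "no bytes" */
    return encode_n(dst, dlen, src, len);
}

/* Pattern from the report: signed length, MB_STRZ is the only sentinel. */
static int encode_fixed(char *dst, size_t dlen, const char *src, ssize_t len)
{
    if (len == MB_STRZ)
        len = (ssize_t)strlen(src);
    else if (len < 0) return -1;     /* any other negative length is an error */
    return encode_n(dst, dlen, src, (size_t)len);
}

int main(void)
{
    char out[64];
    const char rec[] = "hdr\tSECRET";   /* constructed sample input */
    printf("legacy, len 0: %d\n", encode_legacy(out, sizeof out, rec + 3, 0));
    printf("fixed,  len 0: %d\n", encode_fixed(out, sizeof out, rec + 3, 0));
}
```

With a length of 0 the legacy form walks the source until it finds a NUL and encodes bytes the caller never offered, while the fixed form never touches the source pointer, so an invalid pointer paired with length 0 is harmless.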

