svn commit: r298367 - head/lib/libc/locale
Andrey Chernov
ache at freebsd.org
Thu Apr 21 02:18:50 UTC 2016
On 21.04.2016 3:57, Andrey Chernov wrote:
> On 20.04.2016 23:44, Baptiste Daroussin wrote:
>> Author: bapt
>> Date: Wed Apr 20 20:44:30 2016
>> New Revision: 298367
>> URL: https://svnweb.freebsd.org/changeset/base/298367
>>
>> Log:
>> Check the returned value of memchr(3) before using it
>>
>> Reported by: Coverity
>> CID: 1338530
>>
>> Modified:
>> head/lib/libc/locale/ascii.c
>>
>> Modified: head/lib/libc/locale/ascii.c
>> ==============================================================================
>> --- head/lib/libc/locale/ascii.c Wed Apr 20 20:43:05 2016 (r298366)
>> +++ head/lib/libc/locale/ascii.c Wed Apr 20 20:44:30 2016 (r298367)
>> @@ -133,11 +133,14 @@ _ascii_mbsnrtowcs(wchar_t * __restrict d
>>
>> if (dst == NULL) {
>> s = memchr(*src, '\0', nms);
>> + if (s == NULL)
>> + return (nms);
>> +
>> if (*s & 0x80) {
>> errno = EILSEQ;
>> return ((size_t)-1);
>> }
>> - return (s != NULL ? s - *src : nms);
>> + return (s - *src);
>> }
>>
>> s = *src;
>>
>
> The whole code is incorrect, only the very first char is checked, there
> must be a loop like in -stable:
>
> if (dst == NULL) {
> for (s = *src; nms > 0 && *s != '\0'; s++, nms--) {
> if (*s & 0x80) {
> errno = EILSEQ;
> return ((size_t)-1);
> }
> }
> return (s - *src);
> }
>
> Since svn history is lost on deleting, I don't know why incorrect
> version was committed.
>
Typo, the very first == the very last, i.e. only NUL char is checked
which always pass.
More information about the svn-src-head
mailing list