svn commit: r343408 - head/usr.bin/whereis
Stefan Esser
se at FreeBSD.org
Thu Jan 24 18:39:46 UTC 2019
Author: se
Date: Thu Jan 24 18:39:45 2019
New Revision: 343408
URL: https://svnweb.freebsd.org/changeset/base/343408
Log:
Silence Clang Scan warnings regarding the use of strcp().
While these warnings are false positives, the use of strdup() instead of
malloc() and strcpy() simplifies and clarifies the code.
While checking the remaining uses of strcpy and strcat I noticed an
assignment of a strlen() to a variable "s", whose value needs to be
preserved for use in later output routines (where it is used to allocate
a buffer). I do not think that the value of "s" will come out lower than
its correct value and thus there is no risk of a buffer overflow, in the
general case, but a specially crafter argument might lead to an overflow.
The bogus assignment to "s" is removed since this value was only used a
single time in the following malloc() call, which has been removed.
MFC after: 2 weeks
Modified:
head/usr.bin/whereis/whereis.c
Modified: head/usr.bin/whereis/whereis.c
==============================================================================
--- head/usr.bin/whereis/whereis.c Thu Jan 24 18:26:30 2019 (r343407)
+++ head/usr.bin/whereis/whereis.c Thu Jan 24 18:39:45 2019 (r343408)
@@ -285,9 +285,9 @@ defaults(void)
bindirs[nele] = NULL;
if ((cp = getenv("PATH")) != NULL) {
/* don't destroy the original environment... */
- if ((b = malloc(strlen(cp) + 1)) == NULL)
+ b = strdup(cp);
+ if (b == NULL)
abort();
- strcpy(b, cp);
decolonify(b, &bindirs, &nele);
}
}
@@ -301,18 +301,18 @@ defaults(void)
err(EX_OSERR, "error processing manpath results");
if ((b = strchr(buf, '\n')) != NULL)
*b = '\0';
- if ((b = malloc(strlen(buf) + 1)) == NULL)
+ b = strdup(buf);
+ if (b == NULL)
abort();
- strcpy(b, buf);
nele = 0;
decolonify(b, &mandirs, &nele);
}
/* -s defaults to precompiled list, plus subdirs of /usr/ports */
if (!sourcedirs) {
- if ((b = malloc(strlen(sourcepath) + 1)) == NULL)
+ b = strdup(sourcepath);
+ if (b == NULL)
abort();
- strcpy(b, sourcepath);
nele = 0;
decolonify(b, &sourcedirs, &nele);
@@ -523,11 +523,9 @@ main(int argc, char **argv)
* man -w found plain source
* page, use it.
*/
- s = strlen(buf);
- cp2 = malloc(s + 1);
+ cp2 = strdup(buf);
if (cp2 == NULL)
abort();
- strcpy(cp2, buf);
}
if (man == NULL) {
More information about the svn-src-head
mailing list