>Number:         24014
>Category:       bin
>Synopsis:       fmt's ispref() steps only its first variable, leading to wrong results.
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Jan 07 17:27:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator:     Martin Weber
>Release:        NetBSD 1.6ZG
>Organization:
	
>Environment:
    fmt.c:
        $NetBSD: fmt.c,v 1.17 2003/08/07 11:13:47 agc Exp $
        $NetBSD: fmt.c,v 1.17 2003/08/07 11:13:47 agc Exp $
	
	
System: NetBSD phaeton.entropie.net 1.6ZG NetBSD 1.6ZG (FAETON) #0: Mon Dec 15 01:29:47 CET 2003 root@phaeton.entropie.net:/space/obj/usr/src/sys/arch/i386/compile/FAETON i386
Architecture: i386
Machine: i386
>Description:
	The following is ispref() from fmt.c, usr.bin/fmt/fmt.c:

	static int ispref(const char*s1, const char*s2) {
		while (*s1++ == *s2) ;
		return (*s1 == '\0');
	}

	This only steps its first variable, i.e. "ab" is, due to ispref(),
	NOT a prefix to "abcd". "aaaaaaaa", though, IS a prefix of "ab" ..
	(due to ispref()). When adding the stepping of the second var (s2),
	we gotta check *s1/*s2, too -- if s1 == s2 it'll coredump else
	(ispref("a", "a") -> *s1++ == *s2++ ('a'), *s1++ == *s2++ ('\0'), *s1++ -> BOOM)
	
>How-To-Repeat:
	Er, code viewing.
	
>Fix:
	
Index: fmt.c
===================================================================
RCS file: /pub/NetBSD-CVS/src/usr.bin/fmt/fmt.c,v
retrieving revision 1.17
diff -u -r1.17 fmt.c
--- fmt.c       2003/08/07 11:13:47     1.17
+++ fmt.c       2004/01/07 17:17:25
@@ -526,7 +526,7 @@
 ispref(const char *s1, const char *s2)
 {
 
-       while (*s1++ == *s2)
+       while (*s1 && *s2 && *s1++ == *s2++)
                ;
        return (*s1 == '\0');
 }

>Release-Note:
>Audit-Trail:
>Unformatted: