Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/bin/sh Fix an off by one buffer length problem. Fortunatel...
details: https://anonhg.NetBSD.org/src/rev/fa0f1ae06c4b
branches: trunk
changeset: 447687:fa0f1ae06c4b
user: kre <kre%NetBSD.org@localhost>
date: Mon Jan 21 13:27:29 2019 +0000
description:
Fix an off by one buffer length problem. Fortunately, it was off by
one in the "safe" way (it was ensuring the buffer always ended in 2 \0
characters ... one is enough.) This could affect the expansions of
LINENO RANDOM and SECONDS, though only if they have at least 8 digits
(and then, only sometimes). RANDOM thus is safe, as it never produces
a number with more than 5 digits, you'd need a script with 10000000
lines before there might be an issue with LINENO (and even autoconf
generated scripts don't generally get that bit) and a shell would need
to be running for almost 4 months for SECONDS to climb that high.
Nevertheless: XXX pullup -8.
diffstat:
bin/sh/var.c | 10 +++++-----
1 files changed, 5 insertions(+), 5 deletions(-)
diffs (45 lines):
diff -r 66625026e55a -r fa0f1ae06c4b bin/sh/var.c
--- a/bin/sh/var.c Mon Jan 21 13:19:18 2019 +0000
+++ b/bin/sh/var.c Mon Jan 21 13:27:29 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: var.c,v 1.74 2018/12/12 11:51:33 kre Exp $ */
+/* $NetBSD: var.c,v 1.75 2019/01/21 13:27:29 kre Exp $ */
/*-
* Copyright (c) 1991, 1993
@@ -37,7 +37,7 @@
#if 0
static char sccsid[] = "@(#)var.c 8.3 (Berkeley) 5/4/95";
#else
-__RCSID("$NetBSD: var.c,v 1.74 2018/12/12 11:51:33 kre Exp $");
+__RCSID("$NetBSD: var.c,v 1.75 2019/01/21 13:27:29 kre Exp $");
#endif
#endif /* not lint */
@@ -1378,7 +1378,7 @@
return vp->text;
#endif
- snprintf(result, length - 1, "%.*s=%d", vp->name_len, vp->text, ln);
+ snprintf(result, length, "%.*s=%d", vp->name_len, vp->text, ln);
return result;
}
#undef result
@@ -1485,7 +1485,7 @@
if (!make_space(&buf, vp->name_len + 2 + digits_in(secs)))
return vp->text;
- snprintf(buf.b, buf.len-1, "%.*s=%jd", vp->name_len, vp->text, secs);
+ snprintf(buf.b, buf.len, "%.*s=%jd", vp->name_len, vp->text, secs);
return buf.b;
}
@@ -1571,7 +1571,7 @@
if (!make_space(&buf, vp->name_len + 2 + digits_in(random_val)))
return vp->text;
- snprintf(buf.b, buf.len-1, "%.*s=%jd", vp->name_len, vp->text,
+ snprintf(buf.b, buf.len, "%.*s=%jd", vp->name_len, vp->text,
random_val);
if (buf.b != vp->text && (vp->flags & (VTEXTFIXED|VSTACK)) == 0)
Home |
Main Index |
Thread Index |
Old Index