[src/trunk]: src/usr.sbin/pkg_install/lib Using strcmp with NULL pointers is ...

[wiz <wiz%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/d67961521d0f
branches:  trunk
changeset: 506820:d67961521d0f
user:      wiz <wiz%NetBSD.org@localhost>
date:      Mon Mar 05 16:48:35 2001 +0000

description:
Using strcmp with NULL pointers is a bad idea. Fixes pkg/11647.

diffstat:

 usr.sbin/pkg_install/lib/str.c |  32 ++++++++++++++++++++++++++++----
 1 files changed, 28 insertions(+), 4 deletions(-)

diffs (66 lines):

diff -r 047ca9e6b5fc -r d67961521d0f usr.sbin/pkg_install/lib/str.c
--- a/usr.sbin/pkg_install/lib/str.c    Mon Mar 05 16:46:23 2001 +0000
+++ b/usr.sbin/pkg_install/lib/str.c    Mon Mar 05 16:48:35 2001 +0000
@@ -1,11 +1,11 @@
-/*     $NetBSD: str.c,v 1.25 2001/01/01 22:07:35 hubertf Exp $ */
+/*     $NetBSD: str.c,v 1.26 2001/03/05 16:48:35 wiz Exp $     */
 
 #include <sys/cdefs.h>
 #ifndef lint
 #if 0
 static const char *rcsid = "Id: str.c,v 1.5 1997/10/08 07:48:21 charnier Exp";
 #else
-__RCSID("$NetBSD: str.c,v 1.25 2001/01/01 22:07:35 hubertf Exp $");
+__RCSID("$NetBSD: str.c,v 1.26 2001/03/05 16:48:35 wiz Exp $");
 #endif
 #endif
 
@@ -110,6 +110,22 @@
        int     in_nb = 0;
        int     cmp;
 
+       if ((a == NULL) || (b == NULL)) {
+               /*
+                * At least one of the supposed versions is not
+                * really a version; treat nonexisting versions as
+                * lowest possible.
+                */
+               if (a == NULL)
+                       cmp = -1;
+               else if (b == NULL)
+                       cmp = 1;
+               else
+                       cmp = 0;
+
+               return (op == GE) ? cmp >= 0 : (op == GT) ? cmp > 0 : (op == LE) ? cmp <= 0 : cmp < 0;
+       }
+
        /* Null out 'n' in any "nb" suffixes for initial pass */
        if ((a_nb = strstr(a, "nb")))
            *a_nb = 0;
@@ -400,7 +416,11 @@
        /* The same suffix-hack-off again, but we can't do it
         * otherwise without chaning the function call interface
         */
-       found_version = strrchr(found, '-') + 1;
+       found_version = strrchr(found, '-');
+       if (found_version) {
+               /* skip '-', if any version found */
+               found_version++;
+       }
        found_tgz = strstr(found, ".tgz");
        if (found_tgz) {
                /* strip off any ".tgz" */
@@ -425,7 +445,11 @@
 
        best_version=NULL;
        if (best && best[0] != '\0') {
-               best_version = strrchr(best, '-') + 1;
+               best_version = strrchr(best, '-');
+               if (best_version) {
+                       /* skip '-' if any version found */
+                       best_version++;
+               }
                best_tgz = strstr(best, ".tgz");
                if (best_tgz) {
                        /* strip off any ".tgz" */