Subject: Re: Crunchgen bug and patch
To: None <hypnosses@pulltheplug.org>
From: David Laight <david@l8s.co.uk>
List: tech-userlevel
Date: 06/11/2006 22:24:23
On Sat, Jun 10, 2006 at 12:28:18PM -0700, hypnosses@pulltheplug.org wrote:
> There is a small bug in crunchgen when dealing with a large string which
> causes it to crash. Here's a patch for it.
...
> Index: crunchgen.c
> ===================================================================
> RCS file: /cvsroot/src/usr.bin/crunch/crunchgen/crunchgen.c,v
> retrieving revision 1.69
> diff -r1.69 crunchgen.c
> 163,166c163,166
> < case 'm': strcpy(outmkname, optarg); break;
> < case 'c': strcpy(outcfname, optarg); break;
> < case 'e': strcpy(execfname, optarg); break;
> < case 'd': strcpy(dbg, optarg); break;
> ---
> > case 'm': strlcpy(outmkname, optarg, sizeof outmkname); break;
> > case 'c': strlcpy(outcfname, optarg, sizeof outcfname); break;
> > case 'e': strlcpy(execfname, optarg, sizeof execfname); break;
> > case 'd': strlcpy(dbg, optarg, sizeof dbg); break;
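Review bot: all four strlcpy calls in this hunk discard the return value, so an optarg longer than the destination (outmkname, outcfname, execfname or dbg) is silently truncated and crunchgen carries on with a wrong file name instead of crashing; compare the return against the buffer size and exit with an error instead, e.g. `if (strlcpy(outmkname, optarg, sizeof outmkname) >= sizeof outmkname)` followed by an error message and exit, for each of the four cases.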
...
Except that after these changes it will silently do the wrong thing, which
is probably worse than the core dump!
There are 2 fixes:
1) exit with an error message saying one of the strings is too long
2) dynamically allocate memory for the strings.
David
--
David Laight: david@l8s.co.uk
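The three behaviours discussed in the thread side by side: the original strcpy overflow, the posted patch's silent truncation, and David's two alternatives (reject overlong input with an error, or allocate the string dynamically). This is an added C example, not code from the thread or from crunchgen's source; the 16-byte buffer size, the bounded_copy stand-in for strlcpy (kept portable because glibc long lacked strlcpy) and the constructed option strings are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Size of the fixed option buffers.  crunchgen.c uses fixed arrays for
 * outmkname etc.; 16 is an assumed size chosen for this example. */
#define OPTBUF 16

/* Portable stand-in for strlcpy(): copies what fits, always NUL-terminates,
 * and returns strlen(src) so a caller can detect truncation (assumed helper). */
size_t bounded_copy(char *dst, const char *src, size_t dstsize)
{
    size_t srclen = strlen(src);
    if (dstsize != 0) {
        size_t n = srclen < dstsize - 1 ? srclen : dstsize - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* What the posted patch does: the copy is bounded but the result is not
 * checked, so an overlong optarg is silently cut short.  Returns the length
 * of what actually landed in the buffer. */
size_t copy_truncating(const char *optarg)
{
    char buf[OPTBUF];
    bounded_copy(buf, optarg, sizeof buf);
    return strlen(buf);
}

/* Fix 1: bounded copy that refuses overlong input.  Returns 0 on success,
 * -1 if optarg does not fit; the caller prints an error and exits. */
int copy_opt_checked(char *dst, size_t dstsize, const char *optarg)
{
    if (bounded_copy(dst, optarg, dstsize) >= dstsize)
        return -1;
    return 0;
}

/* Fix 2: no fixed array at all; take a heap copy sized to the input.
 * Returns NULL only on allocation failure (caller must free()). */
char *copy_opt_dynamic(const char *optarg)
{
    size_t n = strlen(optarg) + 1;
    char *p = malloc(n);
    if (p != NULL)
        memcpy(p, optarg, n);
    return p;
}

/* Helpers that reduce each fix to a plain number for comparison:
 * the stored length, or -1 where the input was rejected / allocation failed. */
long checked_len(const char *optarg)
{
    char buf[OPTBUF];
    if (copy_opt_checked(buf, sizeof buf, optarg) != 0)
        return -1;          /* would be an error exit in crunchgen */
    return (long)strlen(buf);
}

long dynamic_len(const char *optarg)
{
    char *p = copy_opt_dynamic(optarg);
    long n;
    if (p == NULL)
        return -1;
    n = (long)strlen(p);
    free(p);
    return n;
}

int main(void)
{
    /* Constructed inputs: one that fits the buffer and one that does not. */
    const char *ok = "crunch.mk";                              /* 9 chars  */
    const char *toolong = "a-very-long-output-makefile-name.mk"; /* 35 chars */

    printf("strcpy:  would write %zu bytes into a %d-byte buffer (overflow)\n",
           strlen(toolong) + 1, OPTBUF);
    printf("strlcpy: kept %zu of %zu chars, no error (silent truncation)\n",
           copy_truncating(toolong), strlen(toolong));
    printf("fix 1:   %ld for \"%s\", %ld for the long name (rejected)\n",
           checked_len(ok), ok, checked_len(toolong));
    printf("fix 2:   %ld and %ld, both intact\n",
           dynamic_len(ok), dynamic_len(toolong));
    return 0;
}
```

The truncating variant is the one to avoid in a tool like crunchgen that goes on to create and write files under the name it was given: a clipped -m or -e argument produces output in an unexpected place with no diagnostic, which is the "silently do the wrong thing" David describes.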