bug-gnulib


[PATCH] Fix underflow in argz_stringify


From: David Lutterkort
Subject: [PATCH] Fix underflow in argz_stringify
Date: Thu, 29 May 2008 21:56:46 +0000

The current version of argz_stringify will underflow its size_t argument
if 0 is passed in and then go and change lots of '\0' bytes to something
else.

The patch below fixes that by replacing argz_stringify with the version
from glibc-2.7.

David

>From 49d7160e112d6807f891043e51f84f7cce8e8470 Mon Sep 17 00:00:00 2001
From: David Lutterkort <address@hidden>
Date: Thu, 29 May 2008 14:35:18 -0700
Subject: Fix underflow and subsequent memory corruption

* lib/argz.c(argz_stringify): sync with glibc-2.7; previous version
  would underflow the size_t len when it was 0
* modules/argz: add dependency on strnlen

Signed-off-by: David Lutterkort <address@hidden>
---
 lib/argz.c   |   23 +++++++++++------------
 modules/argz |    1 +
 2 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/lib/argz.c b/lib/argz.c
index 91d284c..5c8bf57 100644
--- a/lib/argz.c
+++ b/lib/argz.c
@@ -409,19 +409,18 @@ argz_next (char *argz, size_t argz_len, const char *entry)
 
 
 void
-argz_stringify (char *argz, size_t argz_len, int sep)
+argz_stringify (char *argz, size_t len, int sep)
 {
-  assert ((argz && argz_len) || (!argz && !argz_len));
-
-  if (sep)
-    {
-      --argz_len;              /* don't stringify the terminating EOS */
-      while (--argz_len > 0)
-       {
-         if (argz[argz_len] == EOS_CHAR)
-           argz[argz_len] = sep;
-       }
-    }
+  if (len > 0)
+    while (1)
+      {
+       size_t part_len = strnlen (argz, len);
+       argz += part_len;
+       len -= part_len;
+       if (len-- <= 1)         /* includes final '\0' we want to stop at */
+         break;
+       *argz++ = sep;
+      }
 }
 
 
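Review bot: In argz_stringify, the removed assert on (argz && argz_len) || (!argz && !argz_len) has no replacement, so a NULL argz with a non-zero len now reaches strnlen with no diagnostic; consider keeping that precondition check ahead of the new `if (len > 0)`. The old `if (sep)` guard is gone as well, so the function now stores to the buffer when sep is 0, which only rewrites '\0' with '\0' but is a behaviour change worth a line in the log. The old loop also wrapped for a length of 1 (the first decrement gives 0 and `--argz_len > 0` then wraps), not only for 0 as the log says, and the patch adds no test; a regression test covering lengths 0 and 1 would pin the fix down.
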
diff --git a/modules/argz b/modules/argz
index 9898435..e2b148f 100644
--- a/modules/argz
+++ b/modules/argz
@@ -10,6 +10,7 @@ Depends-on:
 mempcpy
 stpcpy
 strndup
+strnlen
 
 configure.ac:
 gl_FUNC_ARGZ
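Review bot: The new strnlen entry under Depends-on makes the function available, but nothing visible in the lib/argz.c hunk shows that the file includes <string.h>; please confirm it does, so that the strnlen declaration is in scope where argz_stringify calls it.
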
-- 
1.5.4.1






