[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: readstring() bug

From: Markus Mauhart
Subject: Re: readstring() bug
Date: Fri, 16 Jul 2004 12:38:56 +0200

"Paul D. Smith" <address@hidden> wrote ...
> %% Markus Mauhart <address@hidden> writes:
>   mm> ... otherwise the later loop could read outside the allocated memory.
> Yes, but this can never happen because each string _must_ be
> nul-terminated, and the previous invocation before the last one would
> set:
>     ebuf->bufnext = p+1;
> (where p points to the nul char) so ebuf->bufnext can never, really,
> equal the last character in the string; it will always be one greater
> than that.

Right. What IMHO is missleading for a casual reader like me is the comment
/* Malloc'd size of buffer. */ in the declaration of ebuffer.bufnext, which
doesnt correspond to the current usage in readstring() nor to the assignment
"ebuf.size = strlen (buffer);" found in eval_buffer(); so ideally you change
readline's ">" to ">=" and in eval_buffer() use "ebuf.size = 1 + 

>   mm> And btw, the "return 0" looks a bit surprising too.
> No, that's correct.  This function is only called during an eval and
> nothing should be added to the line counter during an eval.

aha, sounds very reasonable.

Btw, my suggested correction had a bug w.r.t. failing strchr(p,EOL):

mm>      eol = strchr (begin, '\n');
mm>      if (eol == 0 || eol == begin || eol[-1] != '\\') break;

Case "eol == 0" then would result in invalid ebuf->bufnext.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]