
Re: BUG in ltdl.c - here's a PATCH


From: Albert Chin
Subject: Re: BUG in ltdl.c - here's a PATCH
Date: Fri, 14 Jun 2002 11:23:05 -0500
User-agent: Mutt/1.2.5i

On Fri, Jun 14, 2002 at 12:36:49PM +0200, Lutz Müller wrote:
> I finally found the bug in ltdl.c that makes libltdl unusable for
> gphoto2 (http://www.gphoto.org). Here's the patch:
> 
> --- /usr/share/libtool/libltdl/ltdl.c Wed Jan  9 20:26:41 2002
> +++ ltdl.c    Fri Jun 14 12:22:53 2002
> @@ -2192,21 +2192,21 @@ foreach_dirinpath (search_path, base_nam
>  
>       if (lendir +1 +lenbase >= filenamesize)
>       {
>         LT_DLFREE (filename);
>         filenamesize  = lendir +1 +lenbase +1; /* "/d" + '/' + "f" + '\0' */
>         filename      = LT_EMALLOC (char, filenamesize);
>         if (!filename)
>           goto cleanup;
>       }
>  
> -     strncpy (filename, dir_name, lendir);
> +     strncpy (filename, dir_name, lendir + 1);
>       if (base_name && *base_name)
>         {
>           if (filename[lendir -1] != '/')
>             filename[lendir++] = '/';
>           strcpy (filename +lendir, base_name);
>         }
>  
>       if ((result = (*func) (filename, data1, data2)))
>         {
>           break;
> 
> 
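Review bot: The changed strncpy (filename, dir_name, lendir + 1) call terminates filename only if dir_name[lendir] is '\0'. That holds when lendir is strlen (dir_name), which is not visible in this hunk. Writing the terminator explicitly after the copy, filename[lendir] = '\0';, keeps the original length argument and does not depend on how lendir was computed; the resized buffer of lendir +1 +lenbase +1 bytes has room for it. Separately, the context line filename[lendir -1] reads before the buffer when lendir is 0, so a lendir > 0 guard is worth adding there.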
> The problem is that the first time 'filename' is allocated, it seems to
> be zero'ed out. However, this isn't the case if 'filename' gets freed
> and allocated a second time. Don't ask me why - if you think, LT_EMALLOC
> should zero out the allocated bytes, the bug is located deeper in there.
> Anyways, it won't hurt to copy the string _including_ the terminating
> '\0'.

Shouldn't we find out why filename is non-zero terminated? How about
we initialize filename[0] = '\0' after alloc? Anyway, I don't think
LT_EMALLOC should null-terminate the string (who knows if you're
always allocating a string) but I think we *definitely* need to
null-terminate filename after LT_EMALLOC. Does the patch below work?

-- 
albert chin (address@hidden)

-- snip snip
Index: libltdl/ltdl.c
===================================================================
RCS file: /cvsroot/libtool/libtool/libltdl/ltdl.c,v
retrieving revision 1.134.2.11
diff -u -3 -p -r1.134.2.11 ltdl.c
--- libltdl/ltdl.c      10 Jan 2002 20:56:20 -0000      1.134.2.11
+++ libltdl/ltdl.c      14 Jun 2002 16:21:13 -0000
@@ -2197,6 +2197,7 @@ foreach_dirinpath (search_path, base_nam
          filename      = LT_EMALLOC (char, filenamesize);
          if (!filename)
            goto cleanup;
+         *filename = '\0';
        }
 
        strncpy (filename, dir_name, lendir);
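Review bot: The added *filename = '\0'; does not leave filename terminated at the point it is used. The strncpy (filename, dir_name, lendir) on the following line overwrites byte 0 whenever lendir is non-zero, and it writes no '\0' of its own unless dir_name is shorter than lendir. The assignment also sits inside the reallocation branch, so a buffer that is reused without reallocation is not touched at all. Setting filename[lendir] = '\0'; directly after the strncpy, outside the if block, covers both cases.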

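The termination problem discussed in this thread, as an added example that is not part of the original messages or of libltdl: it compares no fix, clearing only the first byte before the copy, and writing the terminator after the copy. The names join_path, dirty and enum fix are hypothetical, and the stale 'X' bytes are a constructed stand-in for a recycled heap block.

```c
#include <stdio.h>
#include <string.h>

enum fix { FIX_NONE, FIX_FIRST_BYTE, FIX_AFTER_COPY };

/* Constructed stand-in for a recycled heap block: stale 'X' bytes, plus a
   final '\0' so the demo itself never reads out of bounds. */
static void dirty(char *buf, size_t size)
{
    memset(buf, 'X', size - 1);
    buf[size - 1] = '\0';
}

/* Hypothetical helper modelled on the copy step in the quoted hunk;
   returns NULL when dir + '/' + base + '\0' does not fit in buf. */
static const char *join_path(char *buf, size_t size, const char *dir,
                             const char *base, enum fix fix)
{
    size_t lendir = strlen(dir);
    size_t lenbase = base ? strlen(base) : 0;

    if (lendir + 1 + lenbase + 1 > size)
        return NULL;
    dirty(buf, size);
    if (fix == FIX_FIRST_BYTE)
        buf[0] = '\0';              /* overwritten by the copy below */
    strncpy(buf, dir, lendir);      /* n == strlen(dir): no '\0' is written */
    if (fix == FIX_AFTER_COPY)
        buf[lendir] = '\0';         /* terminate where the copy stopped */
    if (lenbase) {
        if (lendir > 0 && buf[lendir - 1] != '/')
            buf[lendir++] = '/';
        strcpy(buf + lendir, base); /* this path terminates on its own */
    }
    return buf;
}

int main(void)
{
    char buf[24];

    printf("no fix:     %s\n", join_path(buf, sizeof buf, "/usr/lib", "", FIX_NONE));
    printf("first byte: %s\n", join_path(buf, sizeof buf, "/usr/lib", "", FIX_FIRST_BYTE));
    printf("after copy: %s\n", join_path(buf, sizeof buf, "/usr/lib", "", FIX_AFTER_COPY));
    printf("with base:  %s\n", join_path(buf, sizeof buf, "/usr/lib", "foo.so", FIX_NONE));
    return 0;
}
```

The stale bytes only show up when the base name is empty, because the strcpy of a non-empty base name supplies the terminator.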

