Re: BUG in ltdl.c - here's a PATCH
From: Albert Chin
Subject: Re: BUG in ltdl.c - here's a PATCH
Date: Fri, 14 Jun 2002 11:23:05 -0500
User-agent: Mutt/1.2.5i

On Fri, Jun 14, 2002 at 12:36:49PM +0200, Lutz Müller wrote:
> I finally found the bug in ltdl.c that makes libltdl unusable for
> gphoto2 (http://www.gphoto.org). Here's the patch:
>
> --- /usr/share/libtool/libltdl/ltdl.c Wed Jan 9 20:26:41 2002
> +++ ltdl.c Fri Jun 14 12:22:53 2002
> @@ -2192,21 +2192,21 @@ foreach_dirinpath (search_path, base_nam
>
> if (lendir +1 +lenbase >= filenamesize)
> {
> LT_DLFREE (filename);
> filenamesize = lendir +1 +lenbase +1; /* "/d" + '/' + "f" + '\0' */
> filename = LT_EMALLOC (char, filenamesize);
> if (!filename)
> goto cleanup;
> }
>
> - strncpy (filename, dir_name, lendir);
> + strncpy (filename, dir_name, lendir + 1);
> if (base_name && *base_name)
> {
> if (filename[lendir -1] != '/')
> filename[lendir++] = '/';
> strcpy (filename +lendir, base_name);
> }
>
> if ((result = (*func) (filename, data1, data2)))
> {
> break;
>
>
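Review bot: On the changed strncpy line, copying lendir + 1 bytes terminates filename only if dir_name[lendir] is '\0', and nothing visible in this hunk establishes that lendir is the full string length of dir_name. Writing filename[lendir] = '\0' explicitly after the copy would make the terminator independent of that assumption, and it also covers the case where base_name is NULL or empty and the later strcpy never runs. Separately, the unchanged test filename[lendir -1] != '/' indexes before the start of the buffer when lendir is 0, so a guard on lendir is worth adding while this code is being touched.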
> The problem is that the first time 'filename' is allocated, it seems to
> be zero'ed out. However, this isn't the case if 'filename' gets freed
> and allocated a second time. Don't ask me why - if you think, LT_EMALLOC
> should zero out the allocated bytes, the bug is located deeper in there.
> Anyways, it won't hurt to copy the string _including_ the terminating
> '\0'.
Shouldn't we find out why filename is non-zero terminated? How about
we initialize filename[0] = '\0' after alloc? Anyway, I don't think
LT_EMALLOC should null-terminate the string (who knows if you're
always allocating a string) but I think we *definitely* need to
null-terminate filename after LT_EMALLOC. Does the patch below work?
--
albert chin (address@hidden)
-- snip snip
Index: libltdl/ltdl.c
===================================================================
RCS file: /cvsroot/libtool/libtool/libltdl/ltdl.c,v
retrieving revision 1.134.2.11
diff -u -3 -p -r1.134.2.11 ltdl.c
--- libltdl/ltdl.c 10 Jan 2002 20:56:20 -0000 1.134.2.11
+++ libltdl/ltdl.c 14 Jun 2002 16:21:13 -0000
@@ -2197,6 +2197,7 @@ foreach_dirinpath (search_path, base_nam
filename = LT_EMALLOC (char, filenamesize);
if (!filename)
goto cleanup;
+ *filename = '\0';
}
strncpy (filename, dir_name, lendir);
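Review bot: The added *filename = '\0' is overwritten by the strncpy on the following line whenever lendir is nonzero, and strncpy (filename, dir_name, lendir) writes no terminator when dir_name holds lendir or more characters, so filename[lendir] still contains whatever LT_EMALLOC returned. The assignment also sits inside the reallocation block, so a buffer reused from an earlier iteration is not touched at all. Setting filename[lendir] = '\0' immediately after the strncpy, outside the block, would terminate the string on both paths.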