Subject: Re: mkstemp() core dump
To: Lennart Augustsson <firstname.lastname@example.org>
From: Patrick Welche <email@example.com>
Date: 09/02/1999 16:10:07
Lennart Augustsson wrote:
> > As usual, the code in gettemp.c looks fine...
> Does it?
> > /* Move to end of path and count trailing X's. */
> > for (trv = path; *trv; ++trv) */
> > if (*trv == 'X')
> > xcnt++;
> > else
> > xcnt = 0;
> > /* Use at least one from xtra. Use 2 if more than 6 X's. */
> > if (*(trv-1) == 'X')
> Maybe I've not had enough coffee, but isn't code in gettemp.c
> missing a lot of tests? The trv pointer should never point
> before path, but it can. Imagine path being "", then trv
> will point at the NUL byte, and *(trv-1) will access the byte
> before the passed argument.
> I don't know if this is the cause of your problem, but it
> sure looks buggy to me.
Fair enough, but in my case path is "/tmp/dico.XXXX" so *(trv-1) really
is 'X'. I also tried changing for() to while() so that trv really must
point at the NUL at the end of path. I had also assumed that path would
be checked in mkstemp which calls gettemp, but no, you're right, sending
an empty path should break.