Subject: lib/9104: clnt_perror.c goof/uninitialized variable
To: None <gnats-bugs@gnats.netbsd.org>
From: None <bgrayson@ece.utexas.edu>
List: netbsd-bugs
Date: 01/02/2000 23:06:37
>Number: 9104
>Category: lib
>Synopsis: Error messages may be "" by mistake
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: lib-bug-people (Library Bug People)
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sun Jan 2 23:06:01 2000
>Last-Modified:
>Originator: Brian Grayson
>Organization:
Parallel and Distributed Systems
Electrical and Computer Engineering
The University of Texas at Austin
>Release: Jan 2, 2000
>Environment:
>Description:
At revision 1.18 of lib/libc/rpc/clnt_perror.c, the
declarations of str and len in both clnt_sperror() and
clnt_spcreateerror() were changed from:
    char *str = _buf();
    size_t len = buflen, i;
to:
    char *str;
    size_t len = buflen, i;
    ...
    str = _buf();
Unfortunately, _buf() has the side-effect of setting
buflen to its proper value. Thus, by delaying the call
to _buf() until after buflen is copied, len is assigned
0 on the first call to one of these error() functions,
and not the eventual value of buflen.
>How-To-Repeat:
This was observed by rup (to a host that wasn't running
rpc.rstatd) printing:
    % rup orac.ece.utexas.edu
    rup:
    %
>Fix:
Either statically initialize buflen to 256 (instead of
doing so inside _buf()), or back out only those
_buf()-related changes in rev 1.18.
I'm not sure which is the proper fix, so I'm punting.
(Hi Luke! :)
>Audit-Trail:
>Unformatted:
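
The ordering problem described in this report, reduced to a small C program. This is an added example, not code from the report or from NetBSD's clnt_perror.c: lazy_buf() is a stand-in for _buf(), and reset_state(), store(), format_late_init() and format_early_init() are hypothetical names; the 256-byte size is the value the report mentions, and calloc() is used only so the unwritten buffer reads back as "".

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for the file-static state the report describes. */
static char *buf;
static size_t buflen;               /* stays 0 until lazy_buf() has run */

/* Stand-in for _buf(): allocates once and sets buflen as a side effect. */
static char *lazy_buf(void)
{
    if (buf == NULL && (buf = calloc(1, 256)) != NULL)
        buflen = 256;
    return buf;
}

/* Forget the buffer so the next call behaves like the first in a process. */
static void reset_state(void) { free(buf); buf = NULL; buflen = 0; }

/* Bounded write shared by both orderings; returns the stored length. */
static size_t store(char *str, size_t len, const char *msg)
{
    if (str == NULL)
        return 0;
    snprintf(str, len, "%s", msg);  /* a bound of 0 stores nothing */
    return strlen(str);
}

/* Ordering after rev 1.18: len is copied before the buffer exists. */
static size_t format_late_init(const char *msg)
{
    char *str;
    size_t len = buflen;            /* 0 on the first call */
    str = lazy_buf();
    return store(str, len, msg);
}

/* Ordering before rev 1.18: the buffer call runs first, so len is 256. */
static size_t format_early_init(const char *msg)
{
    char *str = lazy_buf();
    size_t len = buflen;
    return store(str, len, msg);
}

int main(void)
{
    const char *m = "RPC: Program not registered";  /* constructed sample */
    printf("late, 1st call:  %zu\n", format_late_init(m));
    printf("late, 2nd call:  %zu\n", format_late_init(m));
    reset_state();
    printf("early, 1st call: %zu\n", format_early_init(m));
    return 0;
}
```

Only the first call in a process loses its message, which is why a one-shot command such as rup shows the symptom every time.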