NetBSD-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

lib/49185: strvisx: Handle zero-length input strings gracefully.

>Number:         49185
>Category:       lib
>Synopsis:       strvisx: Handle zero-length input strings gracefully.
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Sep 08 16:20:00 +0000 2014
>Originator:     Conrad Meyer
>Release:        FreeBSD CURRENT / NetBSD CVS HEAD
EMC / Isilon storage division
FreeBSD cemvbox9993 11.0-RELEASE FreeBSD 11.0-RELEASE amd64


The internal istrsenvisx() routine overloaded the zero length value as a
sentinel for "use strlen(3)." This is bad because the zero-length source string
has a defined behavior and the pointer for a zero-length string may be
completely bogus. Calling strlen(3) on a bogus pointer is bad.

Instead, use ssize_t for the input string length and use a #defined constant
MB_STRZ == (-1) as the sentinel for the nul-terminated strvis variants (strvis,

Call strvisx() on a zero length input string.
See patch in comment 0 here:

Home | Main Index | Thread Index | Old Index