Re: bin/50867: src/usr.sbin/grfconfig/grfconfig.c:165: array index used before sanity check ?

[Robert Elz <kre%munnari.OZ.AU@localhost>]

The following reply was made to PR bin/50867; it has been noted by GNATS.

From: Robert Elz <kre%munnari.OZ.AU@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: 
Subject: Re: bin/50867: src/usr.sbin/grfconfig/grfconfig.c:165: array index used before sanity check ?
Date: Tue, 01 Mar 2016 03:51:27 +0700

     Date:        Mon, 29 Feb 2016 17:30:00 +0000 (UTC)
     From:        dcb314%hotmail.com@localhost
     Message-ID:  <20160229173000.80B9B7ACA2%mollari.NetBSD.org@localhost>
 
   |             for (i = 0, *cps = strtok(buf, " \b\t\r\n");
   |                 cps[i] != NULL && i < 30; i++)
   |                 cps[i + 1] = strtok(NULL, " \b\t\r\n");
   | 
   | Suggest sanity check array index before use.
 
 I know Christos has already "fixed" this one, but there is absolutely nothing
 wrong with the code that was there (shown above).
 
 The first time through the loop, i is 0, which is certainly within
 bounds, every other time through the loop, the "i < 30" test has
 just been performed (from the last time through), and i has only been
 incremented once, so we now know i <= 31 - which is much less than
 sizeof buf.
 
 This one did not need fixing, the analysis tool does.
 
 kre