bin/44148: The function catstrg() in usr.bin/xlint/lint1/tree.c is broken.

[henning.petersen%t-online.de@localhost]

>Number:         44148
>Category:       bin
>Synopsis:       The function catstrg() in usr.bin/xlint/lint1/tree.c is broken.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Nov 24 17:25:00 +0000 2010
>Originator:     Henning Petersen
>Release:        
>Organization:
>Environment:
>Description:
The function catstrg() in usr.bin/xlint/lint1/tree.c is broken.

>How-To-Repeat:
        Take the following example program:

---- BEGIN -----
#include <stdio.h>
#include <stdarg.h>
#include <syslog.h>

/* PRINTFLIKE1 */
int
myprintf(char *fmt0, ...)
{
        va_list va;

        va_start(va, fmt0);
        vsyslog(LOG_DEBUG, fmt0, va);
        va_end(va);
        return 0;
}

int main(int argc, char *argv[])
{
        long h;

        h = (long) argc;
        myprintf("Usage: "
                "%ld [options]\n" , h);
        return argv[0] != NULL;
}
---- END -----

        and run
        lint -n example.c
        which will print (besides other stuff):
        myprintf: malformed format string


>Fix:
diff -u -r1.64 tree.c
--- usr.bin/xlint/lint1/tree.c  21 Mar 2010 14:29:04 -0000      1.64
+++ usr.bin/xlint/lint1/tree.c  24 Nov 2010 14:32:30 -0000
@@ -4020,6 +4020,7 @@
                             (len2 + 1) * sizeof (wchar_t));
                free(strg2->st_wcp);
        }
+       strg1->st_len = len; 
        free(strg2);
 
        return (strg1);