NetBSD-Bugs archive
lib/49185: strvisx: Handle zero-length input strings gracefully.
>Number: 49185
>Category: lib
>Synopsis: strvisx: Handle zero-length input strings gracefully.
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: lib-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon Sep 08 16:20:00 +0000 2014
>Originator: Conrad Meyer
>Release: FreeBSD CURRENT / NetBSD CVS HEAD
>Organization:
EMC / Isilon storage division
>Environment:
FreeBSD cemvbox9993 11.0-RELEASE FreeBSD 11.0-RELEASE amd64
>Description:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=193447
The internal istrsenvisx() routine overloaded the zero length value as a
sentinel for "use strlen(3)." This is bad because the zero-length source string
has a defined behavior and the pointer for a zero-length string may be
completely bogus. Calling strlen(3) on a bogus pointer is bad.
Instead, use ssize_t for the input string length and use a #defined constant
MB_STRZ == (-1) as the sentinel for the nul-terminated strvis variants (strvis,
etc).
>How-To-Repeat:
Call strvisx() on a zero length input string.
>Fix:
See patch in comment 0 here:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=193447
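
The sentinel problem described in this PR, reduced to a small C program. This is an added example, not the patch from the FreeBSD bug and not libc code: toy_vis, before_visx and after_visx are hypothetical names and the octal-escaping encoder is a simplified stand-in; only the ssize_t length and MB_STRZ == (-1) come from the report.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>                 /* ssize_t */
#define MB_STRZ (-1)                   /* sentinel from the PR: source is NUL-terminated */

/* Hypothetical stand-in encoder: octal-escapes non-printable bytes of src[0..n). */
static int toy_vis(char *dst, size_t dlen, const char *src, size_t n)
{
    size_t o = 0;
    if (dlen == 0)
        return -1;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)src[i];
        size_t need = isprint(c) ? 1 : 4;          /* "\ooo" takes 4 bytes */
        if (o + need >= dlen)                      /* keep room for the NUL */
            return -1;
        if (need == 1)
            dst[o++] = (char)c;
        else
            o += (size_t)snprintf(dst + o, dlen - o, "\\%03o", (unsigned)c);
    }
    dst[o] = '\0';
    return (int)o;                                 /* bytes written, without NUL */
}

/* Before: length 0 doubles as "use strlen(3)", so a zero-length request reads src. */
static int before_visx(char *dst, size_t dlen, const char *src, size_t len)
{
    return toy_vis(dst, dlen, src, len == 0 ? strlen(src) : len);
}

/* After: signed length; only MB_STRZ triggers strlen(3), 0 never touches src. */
static int after_visx(char *dst, size_t dlen, const char *src, ssize_t len)
{
    if (len < MB_STRZ)
        return -1;
    return toy_vis(dst, dlen, src, len == MB_STRZ ? strlen(src) : (size_t)len);
}

int main(void)
{
    char out[32];
    const char *src = "ab\tc";                     /* constructed sample input */
    printf("before, len 0:  %d bytes\n", before_visx(out, sizeof out, src, 0));
    printf("after, len 0:   %d bytes\n", after_visx(out, sizeof out, src, 0));
    printf("after, MB_STRZ: %d bytes\n", after_visx(out, sizeof out, src, MB_STRZ));
    return 0;
}
```

With the "before" variant a caller asking for zero bytes still gets the whole string encoded, which is the strlen(3) call the report objects to; the "after" variant returns 0 without dereferencing src.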