NetBSD Problem Report #50998

From www@NetBSD.org  Thu Mar 24 11:42:55 2016
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 77EA77ABE6
	for <gnats-bugs@gnats.NetBSD.org>; Thu, 24 Mar 2016 11:42:55 +0000 (UTC)
Message-Id: <20160324114254.834D17ACBB@mollari.NetBSD.org>
Date: Thu, 24 Mar 2016 11:42:54 +0000 (UTC)
From: dcb314@hotmail.com
Reply-To: dcb314@hotmail.com
To: gnats-bugs@NetBSD.org
Subject: src/bin/pax/ar_io.c:1686: possible missing sanity check ?
X-Send-Pr-Version: www-1.0

>Number:         50998
>Category:       bin
>Synopsis:       src/bin/pax/ar_io.c:1686: possible missing sanity check ?
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bin-bug-people
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Mar 24 11:45:00 +0000 2016
>Closed-Date:    Tue May 31 03:41:02 +0000 2016
>Last-Modified:  Tue May 31 03:41:02 +0000 2016
>Originator:     David Binderman
>Release:        cvs dated 20160324
>Organization:
>Environment:
>Description:
[src/bin/pax/ar_io.c:1686]: (style) Variable 'len' is assigned a value that is never used.

Source code is

       len = snprintf(buf, sizeof(buf),
            "%s vol %d, %lu files, %s read, %s written in %s\n",
            frmt->name, arvol-1, (unsigned long)flcnt,
            sizefmt(s1buf, sizeof(s1buf), rdcnt),
            sizefmt(s2buf, sizeof(s2buf), wrcnt),
            timefmt(tbuf, sizeof(tbuf), rdcnt + wrcnt, secs, "bytes"));
    }
    if (n == 0)
        (void)fprintf(outf, "%s: %s", argv0, buf);
    else
        (void)write(STDERR_FILENO, buf, strlen(buf));
}

Suggest either sanity check value of len or remove assignment to len.
>How-To-Repeat:

>Fix:

>Release-Note:

>Audit-Trail:
From: "David A. Holland" <dholland@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/50998 CVS commit: src/bin/pax
Date: Tue, 31 May 2016 03:32:36 +0000

 Module Name:	src
 Committed By:	dholland
 Date:		Tue May 31 03:32:36 UTC 2016

 Modified Files:
 	src/bin/pax: ar_io.c

 Log Message:
 Don't use the length return from snprintf to write out the result
 buffer. If snprintf truncated the output, the length returned will be
 greater and we'll write trash. Just call strlen instead. (And since
 what we're doing is writing progress messages to the user, checking
 carefully for truncation isn't really worthwhile either.)

 Spotted when attending to PR 50998 from David Binderman; the issue
 there (computation of an unused value) popped up because one of the
 prints was already calling strlen.


 To generate a diff of this commit:
 cvs rdiff -u -r1.56 -r1.57 src/bin/pax/ar_io.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.
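
The truncation behaviour described in the log message above, as an added example (not part of the report or of the NetBSD source). The format string, its arguments and the function names are constructed for illustration: snprintf returns the length the full output would have had, so on truncation that value is larger than what the buffer holds.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a summary line (27 characters when complete).
 * Returns snprintf's raw result: the length the full output would need. */
static int format_summary(char *buf, size_t bufsz)
{
	return snprintf(buf, bufsz, "%s vol %d, %lu files\n", "ustar", 1, 1234567UL);
}

/* Trusting the return value as a byte count: on truncation it exceeds
 * bufsz - 1, so write(fd, buf, len) would read past the end of buf. */
static size_t len_trusting_return(char *buf, size_t bufsz)
{
	int len = format_summary(buf, bufsz);
	return len < 0 ? 0 : (size_t)len;
}

/* Measuring what is actually in the buffer, as the commit does with strlen. */
static size_t len_via_strlen(char *buf, size_t bufsz)
{
	if (bufsz == 0)
		return 0;
	buf[0] = '\0';		/* defined contents if snprintf fails */
	(void)format_summary(buf, bufsz);
	return strlen(buf);
}

/* Alternative where truncation matters: keep len, but check and clamp it. */
static size_t len_checked(char *buf, size_t bufsz, int *truncated)
{
	int len = (bufsz == 0) ? -1 : format_summary(buf, bufsz);

	*truncated = (len >= 0 && (size_t)len >= bufsz);
	if (len < 0)
		return 0;
	return *truncated ? bufsz - 1 : (size_t)len;
}

int main(void)
{
	char small[16];		/* deliberately too small for the 27-byte line */
	int truncated;
	size_t claimed = len_trusting_return(small, sizeof(small));
	size_t actual = len_via_strlen(small, sizeof(small));
	size_t safe = len_checked(small, sizeof(small), &truncated);

	printf("snprintf said %zu, buffer holds %zu, checked %zu (truncated=%d)\n",
	    claimed, actual, safe, truncated);
	return 0;
}
```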

State-Changed-From-To: open->closed
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Tue, 31 May 2016 03:41:02 +0000
State-Changed-Why:
fixed, thanks


>Unformatted:
