NetBSD Problem Report #52499
From www@NetBSD.org Wed Aug 23 07:12:22 2017
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (verified OK))
by mollari.NetBSD.org (Postfix) with ESMTPS id 09BE47A169
for <gnats-bugs@gnats.NetBSD.org>; Wed, 23 Aug 2017 07:12:22 +0000 (UTC)
Message-Id: <20170823071221.3FA327A2A5@mollari.NetBSD.org>
Date: Wed, 23 Aug 2017 07:12:21 +0000 (UTC)
From: justin.cinkelj@xlab.si
Reply-To: justin.cinkelj@xlab.si
To: gnats-bugs@NetBSD.org
Subject: stresep uses memmove with of-by-one length
X-Send-Pr-Version: www-1.0
>Number: 52499
>Category: lib
>Synopsis: stresep uses memmove with of-by-one length
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: lib-bug-people
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Aug 23 07:15:00 +0000 2017
>Closed-Date: Fri Mar 31 09:24:23 +0000 2023
>Last-Modified: Fri Mar 31 09:24:23 +0000 2023
>Originator: Justin
>Release: 1.3
>Organization:
XLAB d.o.o.
>Environment:
N/A
>Description:
http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/string/stresep.c.diff?r1=1.2&r2=1.3&only_with_tag=MAIN&f=h
old:
strcpy(s - 1, s);
new:
memmove(s - 1, s, strlen(s));
But 'new' should also copy terminating NULL (as strcpy does), otherwise s gets longer by 1 char for each escaped delim. memmove should be corrected to:
memmove(s - 1, s, strlen(s) + 1);
>How-To-Repeat:
#include <stdio.h>
#define NN 10
int main() {
//char* str = strdup("aa bb \"cc\\ dd\"-");
char* str = strdup("aa bb cc\\ \\ \\ \\ dd-");
char **ap, *argv[NN];
const char *delim = " \t\n";;
char esc = '\\';
printf("/*-------------------------------------*/\n");
// parse string
for (ap = argv; ap < &argv[NN-1] && (*ap = stresep(&str, delim, esc)) != NULL;) {
if (**ap != '\0')
ap++;
}
// print result
char **ch;
int ii;
for (ii = 0, ch = argv; *ch != nullptr; ii++, ch++) {
printf("argv[%d] = %p %s\n", ii, *ch, *ch);
}
printf("/*-------------------------------------*/\n");
}
I expected:
argv[2] = 0x15aac26 cc dd-
But I got:
argv[2] = 0x15aac26 cc dd-----
>Fix:
memmove(s - 1, s, strlen(s) + 1);
>Release-Note:
>Audit-Trail:
From: "Christos Zoulas" <christos@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/52499 CVS commit: src/lib/libc/string
Date: Wed, 23 Aug 2017 06:27:41 -0400
Module Name: src
Committed By: christos
Date: Wed Aug 23 10:27:41 UTC 2017
Modified Files:
src/lib/libc/string: stresep.c
Log Message:
PR/52499: Justin: stresep uses memmove with of-by-one length
To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 src/lib/libc/string/stresep.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: "Christos Zoulas" <christos@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/52499 CVS commit: src/tests/lib/libc/string
Date: Wed, 23 Aug 2017 06:29:52 -0400
Module Name: src
Committed By: christos
Date: Wed Aug 23 10:29:51 UTC 2017
Modified Files:
src/tests/lib/libc/string: t_stresep.c
Log Message:
Add test from PR/52499
To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 src/tests/lib/libc/string/t_stresep.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: "Martin Husemann" <martin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/52499 CVS commit: [netbsd-8] src
Date: Mon, 14 May 2018 19:17:39 +0000
Module Name: src
Committed By: martin
Date: Mon May 14 19:17:39 UTC 2018
Modified Files:
src/lib/libc/string [netbsd-8]: stresep.c
src/tests/lib/libc/string [netbsd-8]: t_stresep.c
Log Message:
Pull up following revision(s) (requested by maya in ticket #822):
lib/libc/string/stresep.c: revision 1.4
tests/lib/libc/string/t_stresep.c: revision 1.4
PR/52499: Justin: stresep uses memmove with of-by-one length
Add test from PR/52499
To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.3.4.1 src/lib/libc/string/stresep.c
cvs rdiff -u -r1.3 -r1.3.22.1 src/tests/lib/libc/string/t_stresep.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: open->needs-pullups
State-Changed-By: maya@NetBSD.org
State-Changed-When: Sun, 03 Jun 2018 11:24:04 +0000
State-Changed-Why:
Also need for netbsd-7, which I haven't requested
State-Changed-From-To: needs-pullups->closed
State-Changed-By: riastradh@NetBSD.org
State-Changed-When: Fri, 31 Mar 2023 09:24:23 +0000
State-Changed-Why:
pulled up to netbsd-8, and netbsd-7 is now EOL, so no need for pullups
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.47 2022/09/11 19:34:41 kim Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2023
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.