On Thu, Apr 24, 2008 at 10:01:29PM +0200, Jim Meyering wrote:
> "Daniel P. Berrange" <berrange@xxxxxxxxxx> wrote:
> > static const char needle[] = "char device redirected to";
> > char *tmp;
> >
> > - if (!(tmp = strstr(haystack, needle)))
> > + /* First look for our magic string */
> > + if (!(tmp = strstr(haystack + *offset, needle)))
> > return -1;
> >
> > + /* Grab all the trailing data */
> > strncpy(path, tmp+sizeof(needle), pathmax-1);
>
> That should be sizeof(needle)-1.
> Otherwise, if someone nasty gave you input ending with
> "char device redirected to", the strncpy above would start
> reading just past the NUL at the end of "haystack".
Fixed this.
> > path[pathmax-1] = '\0';
> >
> > - while (*path) {
> > - /*
> > - * The monitor path ends at first whitespace char
> > - * so lets search for it & NULL terminate it there
> > - */
> > - if (isspace(*path)) {
> > - *path = '\0';
> > + /*
> > + * And look for first whitespace character and nul terminate
> > + * to mark end of the pty path
> > + */
> > + tmp = path;
> > + while (*tmp) {
> > + if (isspace(*tmp)) {
>
> Since "tmp" has type "char", this causes trouble in an environment
> where "char" is a signed type. When *tmp is larger than 127, it gets
> sign-extended, and isspace can misbehave on the large negative number
> (isspace is not defined for such values). Instead, do it like this:
>
> if (isspace(*(unsigned char *)tmp)) {
>
> or better, using the to_uchar function (from coreutils):
>
> if (isspace(to_uchar(tmp))) {
Fixed this when merging with your to_uchar() changes.
Dan.
--
|: Red Hat, Engineering, Boston -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
--
Libvir-list mailing list
Libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list