On 9/5/09, Florian Zumbiehl <florz@xxxxxxxx> wrote:
> Hi,
>
> [...]
>> after
>>
>> strnlen("a", 2-1) = 0
>
> | $ cat foo.c
> |
> | #include <string.h>
> | #include <stdio.h>
> |
> | int main(){
> |     printf("%zu\n", strnlen("a", 2-1));
> |     return 0;
> | }
> |
> | $ gcc -o foo foo.c
> | $ ./foo
> | 1
> | $
>
> Florian

Indeed, excuse my brainfart.

Looking at the rest of the function I agree it needs fixing, unless Andrey can correct us.

I'm not quite sure about this fix. String functions normally do something reasonable when a length of 0 is passed. It looks like this fixed version implements "length 0 is a special value meaning no limit" :-) due to arithmetic underflow.

Oh - and reading code this closely usually is boring. Especially when you're scanning, and don't necessarily have much idea of the bigger picture. Auditing edge-case stability is even less exciting than auditing security. So thanks for lending a fresh set of eyeballs for a while!

Alan
--
To unsubscribe from this list: send the line "unsubscribe linux-hotplug"
in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
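The underflow Alan describes, as an added illustration that is not code from this thread or from the hotplug tree: a bounded-copy helper that reserves a byte for the terminator with `len - 1` silently loses its bound when `len` is 0, because `0 - 1` wraps to `SIZE_MAX` in `size_t` arithmetic. The function names are hypothetical; the checked variant handles the zero-length case explicitly.

```c
/* Added example (not from the linux-hotplug thread); helper names are
 * assumptions for illustration. Models the "length 0 means no limit"
 * edge case caused by size_t underflow in `len - 1`. */
#define _GNU_SOURCE
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Naive variant: for len == 0, `len - 1` wraps to SIZE_MAX, so strnlen()
 * scans the entire source string and the intended bound is gone. */
size_t naive_bounded_len(const char *src, size_t len)
{
    return strnlen(src, len - 1);
}

/* Checked variant: a zero-sized destination means nothing fits,
 * not "unlimited"; test for it before the subtraction. */
size_t checked_bounded_len(const char *src, size_t len)
{
    if (len == 0)
        return 0;
    return strnlen(src, len - 1);
}

/* Copy at most len-1 bytes into dst and NUL-terminate whenever len > 0.
 * Returns the number of bytes copied, excluding the terminator. */
size_t checked_bounded_copy(char *dst, size_t len, const char *src)
{
    size_t n;

    if (len == 0)
        return 0;           /* no room even for the terminator */
    n = checked_bounded_len(src, len);
    memcpy(dst, src, n);
    dst[n] = '\0';
    return n;
}
```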