Hi,

> > well, I don't want to get into fixing semantic bugs, as there generally
> > doesn't seem to be much of a hint as to what the intended semantics are -
> > except that you wonder how the code's semantics could actually be
> > intentional. So I would suggest fixing the buffer overflow for now, until
> > someone feels like taking care of the semantic bug.
>
> My point was that I don't see any such semantic bug; I can't see where
> the overflow would come from.
>
> As far as I can see, the code uses strsep() which will correctly
> interpret a string of spaces as containing no tokens - and return
> NULL.
>
> If I'm right, there's a different semantic bug - the use of strsep()
> to find a closing quote, which will fail for strings like
>
> ' a '' b '

| $ cat foo.c
|
| #include <string.h>
| #include <stdio.h>
|
| int main(){
|         char s[]="   ",*p=s;
|         while(p)printf("|%s|\n",strsep(&p," "));
|         return 0;
| }
|
| $ gcc -o foo foo.c
| $ ./foo
| ||
| ||
| ||
| ||
| $

actually, I don't really know for sure what the intended semantics of
strsep() are, but assuming that the glibc implementation is not majorly
broken, I would argue that there is a buffer overflow in that code ;-)

Florian
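
Added example, not part of the original message and not the code under discussion (which this page does not show): a C sketch of the behaviour the terminal session above demonstrates, that strsep() returns an empty token for every adjacent delimiter, next to a splitting loop that skips empty fields and stops at the caller's array bound. The function names, the 256-byte scratch buffer and the sample strings are assumptions made for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* strsep() is a BSD/glibc extension */
#endif
#include <stdio.h>
#include <string.h>

/* Count every token strsep() returns, empty ones included. */
size_t count_raw_tokens(const char *input, const char *delim)
{
    char buf[256], *p = buf;   /* strsep() modifies its argument, so copy */
    size_t n = 0;
    snprintf(buf, sizeof(buf), "%s", input);
    while (strsep(&p, delim) != NULL)
        n++;
    return n;
}

/* Split buf in place into at most max non-empty tokens. Returns the count
 * stored; *truncated is set when tokens were left over because out[] was full. */
size_t split_bounded(char *buf, const char *delim,
                     char **out, size_t max, int *truncated)
{
    char *p = buf, *tok;
    size_t n = 0;
    *truncated = 0;
    while ((tok = strsep(&p, delim)) != NULL) {
        if (*tok == '\0')
            continue;           /* adjacent delimiters yield an empty field */
        if (n == max) {
            *truncated = 1;     /* refuse to write past out[max - 1] */
            break;
        }
        out[n++] = tok;
    }
    return n;
}

int main(void)
{
    char line[] = "  a   b  ";  /* constructed sample input */
    char *fields[4];
    int cut;
    size_t n = split_bounded(line, " ", fields, 4, &cut);

    printf("raw tokens for three spaces: %zu\n", count_raw_tokens("   ", " "));
    printf("non-empty tokens: %zu, truncated: %d\n", n, cut);
    return 0;
}
```

A caller that sizes its array from the number of words it expects, rather than from the number of delimiters, needs both checks: the empty-field skip and the bound on `n`.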