DragonFly BSD
DragonFly bugs List (threaded) for 2004-11

Possible bug in make


From: Max Okumoto <okumoto@home>
Date: Sun, 14 Nov 2004 01:50:30 -0800

In function Arch_ParseArchive() line 349, there is a possible buffer
overrun.  I don't have a test case, but the grow buffer code
has an inverted test.



            Lst   members = Lst_Init(FALSE);
            char  *member;
            size_t sz = MAXPATHLEN;
            size_t nsz;
            nameBuf = emalloc(sz);

            Dir_Expand(memName, dirSearchPath, members);
            while (!Lst_IsEmpty(members)) {
                member = (char *)Lst_DeQueue(members);
                nsz = strlen(libName) + strlen(member) + 3;
                if (sz > nsz)
                        nameBuf = erealloc(nameBuf, sz = nsz * 2);
		^^^^^^^^^^^^^
Test is backwards.  nameBuf should be reallocated if (sz < nsz).


                snprintf(nameBuf, sz, "%s(%s)", libName, member);
                free(member);
                gn = Targ_FindNode (nameBuf, TARG_CREATE);
                if (gn == NULL) {
                    free(nameBuf);
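
An added example, not part of the original message or of the make source: it runs the quoted grow-buffer step with both comparisons and reports whether the formatted "lib(member)" name fit in the buffer. The helper names format_member and run_case are hypothetical, plain realloc stands in for erealloc, and a 64-byte starting size stands in for MAXPATHLEN.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Format "lib(member)" into *buf, resizing first when the test says so.
 * inverted != 0 uses the quoted test (sz > nsz); 0 uses (sz < nsz).
 * Returns 1 if the whole name fit, 0 if it was truncated or a call failed. */
static int
format_member(char **buf, size_t *sz, const char *lib, const char *member,
    int inverted)
{
	size_t nsz = strlen(lib) + strlen(member) + 3;	/* '(' ')' NUL */
	int grow = inverted ? (*sz > nsz) : (*sz < nsz);
	int n;

	if (grow) {
		char *p = realloc(*buf, nsz * 2);
		if (p == NULL)
			return (0);
		*buf = p;
		*sz = nsz * 2;
	}
	n = snprintf(*buf, *sz, "%s(%s)", lib, member);
	return (n >= 0 && (size_t)n < *sz);
}

/* Constructed input: a short member, then one longer than the buffer. */
static int
run_case(int inverted)
{
	char longname[200];
	size_t sz = 64;		/* assumption: small stand-in for MAXPATHLEN */
	char *buf = malloc(sz);
	int ok;

	if (buf == NULL)
		return (0);
	memset(longname, 'x', sizeof(longname) - 1);
	longname[sizeof(longname) - 1] = '\0';
	(void)format_member(&buf, &sz, "libfoo.a", "a.o", inverted);
	ok = format_member(&buf, &sz, "libfoo.a", longname, inverted);
	free(buf);
	return (ok);
}

int
main(void)
{
	printf("quoted test: %d, reversed test: %d\n", run_case(1), run_case(0));
	return (0);
}
```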



