This is the mail archive of the newlib@sourceware.org mailing list for the newlib project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] add memrchr(3)

From: Corinna Vinschen <vinschen at redhat dot com>
To: newlib at sourceware dot org
Date: Wed, 9 May 2012 11:01:38 +0200
Subject: Re: [PATCH] add memrchr(3)
References: <1336550823.8880.2.camel@YAAKOV04>
Reply-to: newlib at sourceware dot org

Hi Yaakov,

On May  9 03:07, Yaakov (Cygwin/X) wrote:
> This patch adds memrchr(3), a GNU extension also found in the BSDs:
> 
> http://man7.org/linux/man-pages/man3/memrchr.3.html
> 
> This patch is based on strrchr's usage of strchr.
> 
> Patch and new file attached.
> [...]
> _PTR
> _DEFUN (memrchr, (src, c, length),
> 	_CONST _PTR src _AND
> 	int c _AND
> 	size_t length)
> {
>   _CONST _PTR src_end = (const unsigned char *) src + length - sizeof (unsigned char);
>   _CONST _PTR last = NULL;
> 
>   while ((src = memchr (src, c, length)))
>     {
>       if (src > src_end)
> 	break;
>       last = src;
>       src = (const unsigned char *) src + sizeof (unsigned char);
>     }
> 
>   return (_PTR) last;
> }

The patch has a problem.  The loop misses to change the length variable
while iterating over the memchr results.  That means, any subsequent
call after the first one will potentiall read beyond the requested
length.  In border cases this will result in reading beyond the
available memory or beyond the allocated virtual memory.  The call to
memchr must never read beyond src + length - 1.

Corinna

-- 
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat

Follow-Ups:
- Re: [PATCH] add memrchr(3)
  - From: Eric Blake

References:
- [PATCH] add memrchr(3)
  - From: Yaakov (Cygwin/X)

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]