This is the mail archive of the
newlib@sourceware.org
mailing list for the newlib project.
Re: [PATCH] add memrchr(3)
- From: Corinna Vinschen <vinschen at redhat dot com>
- To: newlib at sourceware dot org
- Date: Wed, 9 May 2012 11:01:38 +0200
- Subject: Re: [PATCH] add memrchr(3)
- References: <1336550823.8880.2.camel@YAAKOV04>
- Reply-to: newlib at sourceware dot org
Hi Yaakov,
On May 9 03:07, Yaakov (Cygwin/X) wrote:
> This patch adds memrchr(3), a GNU extension also found in the BSDs:
>
> http://man7.org/linux/man-pages/man3/memrchr.3.html
>
> This patch is based on strrchr's usage of strchr.
>
> Patch and new file attached.
> [...]
> _PTR
> _DEFUN (memrchr, (src, c, length),
> _CONST _PTR src _AND
> int c _AND
> size_t length)
> {
> _CONST _PTR src_end = (const unsigned char *) src + length - sizeof (unsigned char);
> _CONST _PTR last = NULL;
>
> while ((src = memchr (src, c, length)))
> {
> if (src > src_end)
> break;
> last = src;
> src = (const unsigned char *) src + sizeof (unsigned char);
> }
>
> return (_PTR) last;
> }
The patch has a problem. The loop misses to change the length variable
while iterating over the memchr results. That means, any subsequent
call after the first one will potentiall read beyond the requested
length. In border cases this will result in reading beyond the
available memory or beyond the allocated virtual memory. The call to
memchr must never read beyond src + length - 1.
Corinna
--
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat