This is the mail archive of the newlib@sourceware.org mailing list for the newlib project.
| Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
|---|---|---|
| Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
| Other format: | [Raw text] | |
On 05/09/2012 03:01 AM, Corinna Vinschen wrote:
>> {
>> _CONST _PTR src_end = (const unsigned char *) src + length - sizeof (unsigned char);
sizeof(unsigned char) is defined by C to be exactly 1; I always question
code that spells it out longhand instead of using 1.
>> _CONST _PTR last = NULL;
>>
>> while ((src = memchr (src, c, length)))
>> {
>> if (src > src_end)
>> break;
Also, src will never be > src_end - memchr returns NULL rather than
reading beyond the bounds of length.
>> last = src;
>> src = (const unsigned char *) src + sizeof (unsigned char);
>> }
>>
>> return (_PTR) last;
>> }
>
> The patch has a problem. The loop misses to change the length variable
> while iterating over the memchr results. That means, any subsequent
> call after the first one will potentiall read beyond the requested
> length. In border cases this will result in reading beyond the
> available memory or beyond the allocated virtual memory. The call to
> memchr must never read beyond src + length - 1.
Additionally, I think that searching forwards through the array via one
function call per occurrence of the byte in question is wasteful - since
we already know the array bounds, we might as well search in reverse by
doing a single C loop that iterates backwards over a word at a time.
strrchr must search forwards, because it is also searching for the
terminating NUL and doesn't know the length in advance, but memrchr
should be faster.
--
Eric Blake eblake@redhat.com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
| Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
|---|---|---|
| Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |