This is the mail archive of the
cygwin-apps
mailing list for the Cygwin project.
Re: [Patch] setup: site.cc: dot[3] may not be valid.
- From: Max Bowsher <maxb1 at ukf dot net>
- To: cygwin-apps mailing-list <cygwin-apps at cygwin dot com>
- Date: Wed, 30 Nov 2005 22:18:54 +0000
- Subject: Re: [Patch] setup: site.cc: dot[3] may not be valid.
- Openpgp: id=C0F2C580
- References: <n2m-g.djjiq9.3vsgglv.1@buzzy-box.bavag>
- Reply-to: cygwin-apps at cygwin dot com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Bas van Gompel wrote:
> Hi,
>
> While looking at site.cc I noticed a check where dot[3] might
> point past the end of the allocated string. this may cause false
> matches or even a segfault. I suggest following:
>
>
> 2005-10-24 Bas van Gompel <patch-cygsup.buzz@bavag.tmfweb.nl>
>
> * site.cc (site_list_type::init): Avoid reading past end of
> string.
>
>
> --- setup/site.cc 14 Oct 2005 04:23:14 -0000 2.40
> +++ setup/site.cc 24 Oct 2005 18:05:14 -0000
> @@ -122,7 +122,7 @@ site_list_type::init (String const &newu
> if (*dot == '.' || *dot == '/')
> {
> char *sp;
> - if (dot[3] == 0)
> + if (strlen (dot) == 3)
> *dp++ = '~'; /* sort .com/.edu/.org together */
> for (sp = dot + 1; *sp && *sp != '.' && *sp != '/';)
> *dp++ = *sp++;
>
The terrifying irony here, is that after all this icky pointer
manipulation, the calculated value is totally ignored anyway!
I've rewritten all the pointer work in terms of STL strings, and will
commit it now.
Max.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Cygwin)
iD8DBQFDjiVOfFNSmcDyxYARAhIVAKCCMoRlC9QNYpTwBfKCr3wdIUgt4ACgjKHX
UxexDF8boYvi94M2cXC7+rU=
=WxOm
-----END PGP SIGNATURE-----