This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH] Fix undefined behaviour inconsistent for strtok
- From: Wilco Dijkstra <Wilco dot Dijkstra at arm dot com>
- To: "adhemerval dot zanella at linaro dot org" <adhemerval dot zanella at linaro dot org>, "Andreas Schwab" <schwab at suse dot de>
- Cc: "libc-alpha at sourceware dot org" <libc-alpha at sourceware dot org>, nd <nd at arm dot com>
- Date: Tue, 25 Oct 2016 14:04:12 +0000
- Subject: Re: [PATCH] Fix undefined behaviour inconsistent for strtok
- Authentication-results: sourceware.org; auth=none
- Nodisclaimer: True
- Spamdiagnosticmetadata: NSPM
- Spamdiagnosticoutput: 1:99
Hi,
+ if ((s == NULL) && ((s = olds) == NULL))
+ return NULL;
What is the benefit of this given:
if (s == NULL)
/* This token finishes the string. */
olds = __rawmemchr (token, '\0');
So in the current implementation 'olds' can only ever be NULL at the
very first call to strtok.
To avoid doing unnecessary work at the end of a string and avoid
use after free or other memory errors, this would be much better:
if (s == NULL)
/* This token finishes the string. */
olds = NULL;
Setting it to a NULL pointer (and not checking for it on entry) causes a crash
so any bug is found immediately rather than potentially staying latent when
returning NULL. The goal should be to make bugs obvious, not trying to hide them.
Btw strtok_r has more potential issues, the reference to the previous string
may be a NULL pointer, and the pointer it contains may not be initialized at
all, so it's not useful to test either.
Wilco