This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Should memchr work with invalid data size?
- From: "H.J. Lu" <hjl dot tools at gmail dot com>
- To: GNU C Library <libc-alpha at sourceware dot org>
- Date: Wed, 17 May 2017 15:24:16 -0700
- Subject: Should memchr work with invalid data size?

"man memchr" says

    The memchr() function scans the initial n bytes of the memory area
    pointed to by s for the first instance of c.

But test-memchr.c has

      if (pos < len)
        {
          size_t r = random ();
          if ((r & 31) == 0)
            len = ~(uintptr_t) (p + align) - ((r >> 5) & 31);
          result = (CHAR *) (p + pos + align);
        }

which sets len to some random value, like 18446603336355475958.
Should memchr work with it?

--
H.J.
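
An added illustration (not part of the original message, and not glibc code) of the arithmetic behind the quoted test length: `~(uintptr_t) s - k` puts `s + len` just below the top of the address space, so rounding an end pointer up to a block boundary wraps, while a byte-at-a-time scan that counts `n` down still finds a match that lies inside the real buffer. The names `huge_len`, `rounded_end_wraps`, `ref_memchr` and `demo_offset`, the constructed 64-byte buffer and the block size 64 are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Same form as the quoted test: len = ~(uintptr_t) s - k.  Because
   ~x == UINTPTR_MAX - x, s + len is UINTPTR_MAX - k and does not wrap.  */
static size_t huge_len(const void *s, unsigned k)
{
    return (size_t) (~(uintptr_t) s - k);
}

/* Does s + len, rounded up to `block` (a power of two), wrap around?
   A block-at-a-time scan that forms such an end pointer must avoid this.  */
static int rounded_end_wraps(const void *s, size_t len, uintptr_t block)
{
    uintptr_t end = (uintptr_t) s + len;
    uintptr_t rounded = (end + (block - 1)) & ~(block - 1);
    return rounded < end;
}

/* Reference scan (hypothetical helper): reads bytes in order, stops at
   the first match, and counts n down instead of forming an end pointer,
   so an oversized n is harmless when a match exists in the real object.  */
static void *ref_memchr(const void *s, int c, size_t n)
{
    const unsigned char *p = s;
    for (; n != 0; p++, n--)
        if (*p == (unsigned char) c)
            return (void *) p;
    return NULL;
}

/* Constructed sample: 64-byte buffer with the only match at offset 10.  */
static unsigned char sample[64];

static ptrdiff_t demo_offset(unsigned k)
{
    sample[10] = 'x';
    unsigned char *hit = ref_memchr(sample, 'x', huge_len(sample, k));
    return hit ? hit - sample : -1;
}

int main(void)
{
    size_t len = huge_len(sample, 7);
    printf("len=%zu wraps64=%d offset=%td\n", len,
           rounded_end_wraps(sample, len, 64), demo_offset(7));
    return 0;
}
```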