bug in optimised strstr

Eric Blake ebb9@byu.net
Thu Oct 2 17:05:00 GMT 2008


Jeff Johnston <jjohnstn <at> redhat.com> writes:

>   max_suffix = SIZE_MAX;
>   j = 0;
>   k = p = 1;
>   while (j + k < needle_len)
>     {
>       a = CANON_ELEMENT (needle[j + k]);
>       b = CANON_ELEMENT (needle[max_suffix + k]);
> 
> it is the line b=....
> 
> It cannot be correct as you are trying to reference SIZE_MAX + 1 the 
> first time through the loop.

But the comments state:

  /* Invariants:
     0 <= j < NEEDLE_LEN - 1
     -1 <= max_suffix{,_rev} < j (treating SIZE_MAX as if it were signed)
...

On cygwin, this works (in other words, I'm not reproducing the crash).  The 
intent is that this line is referencing needle[0].  What type is size_t on your 
platform, and the value of SIZE_MAX?  Could it be that there is some type 
promotion going on, where the result of SIZE_MAX+1 results in a 64-bit type 
containing 2**32 instead of 0, as is required by modulo math since size_t is 
unsigned?

-- 
Eric Blake
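
The wraparound question raised in this message, as an added example that is not part of the original post or of newlib: it models a 32-bit size_t with uint32_t (an assumption, so the result does not depend on the host) and compares the index `max_suffix + k` evaluated in the index type with the same sum evaluated in a 64-bit type. The names model_size_t, MODEL_SIZE_MAX, MODEL_SIZE_MAX_WIDE and the three functions are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of a 32-bit size_t, so results match on any host. */
typedef uint32_t model_size_t;
#define MODEL_SIZE_MAX      ((model_size_t) -1)  /* constant has the index type */
#define MODEL_SIZE_MAX_WIDE 0xFFFFFFFFull        /* hypothetical 64-bit constant */

/* Sum evaluated in the index type: wraps modulo 2^32, so it selects needle[0]. */
uint64_t index_wrapping (model_size_t k)
{
  model_size_t max_suffix = MODEL_SIZE_MAX;
  return (model_size_t) (max_suffix + k);
}

/* Sum evaluated in a 64-bit type: no wrap, so the index becomes 2^32. */
uint64_t index_promoted (model_size_t k)
{
  uint64_t max_suffix = MODEL_SIZE_MAX_WIDE;
  return max_suffix + k;
}

/* Host check: SIZE_MAX is the all-ones value of size_t, has its width,
   and SIZE_MAX + 1 computed in size_t is 0. */
int host_size_max_is_sane (void)
{
  size_t max_suffix = SIZE_MAX;
  size_t k = 1;
  return SIZE_MAX == (size_t) -1
         && sizeof (SIZE_MAX) == sizeof (size_t)
         && max_suffix + k == 0;
}

int main (void)
{
  printf ("index in index type : %llu\n",
          (unsigned long long) index_wrapping (1));
  printf ("index after widening: %llu\n",
          (unsigned long long) index_promoted (1));
  printf ("sizeof(size_t)=%u sizeof(SIZE_MAX)=%u sane=%d\n",
          (unsigned) sizeof (size_t), (unsigned) sizeof (SIZE_MAX),
          host_size_max_is_sane ());
  return 0;
}
```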