[Pkg-shadow-devel] Bug#1032393: Bug#1032393: [PATCH v2 2/2] debian/control: Add libbsd-dev and pkg-config
Alejandro Colomar
alx.manpages at gmail.com
Sat Mar 11 21:08:31 GMT 2023
Hi Paul,
On 3/11/23 20:29, Paul Eggert wrote:
> From d40e2f92f3e50d13d87393bd30b2b4b20b89a2d6 Mon Sep 17 00:00:00 2001
> From: Paul Eggert <eggert at cs.ucla.edu>
> Date: Sat, 11 Mar 2023 00:01:02 -0800
> Subject: [PATCH 1/6] Fix undefined behavior in change_field
>
> * lib/fields.c (change_field): Do not ever compute &newf[-1],
> as behavior is undefined. Since we know that the string fits,
> use memcpy rather than strlcpy.
I'd separate the UB fix, from the transformation to memcpy(3),
in two separate commits, since they are conceptually unrelated.
>
> Signed-off-by: Paul Eggert <eggert at cs.ucla.edu>
> ---
> lib/fields.c | 14 +++++++-------
> 1 file changed, 7 insertions(+), 7 deletions(-)
>
> diff --git a/lib/fields.c b/lib/fields.c
> index 0b5f91b2..3b119502 100644
> --- a/lib/fields.c
> +++ b/lib/fields.c
> @@ -90,17 +90,17 @@ void change_field (char *buf, size_t maxsize, const char *prompt)
> * makes it possible to change the field to empty, by
> * entering a space. --marekm
> */
> + char *bp = newf;
>
> - while (--cp >= newf && isspace (*cp));
> - cp++;
> + while (newf < cp && isspace (cp[-1])) {
> + cp--;
> + }
> *cp = '\0';
>
> - cp = newf;
> - while (('\0' != *cp) && isspace (*cp)) {
> - cp++;
> + while (isspace (*bp)) {
> + bp++;
> }
>
> - strlcpy (buf, cp, maxsize);
> + memcpy (buf, bp, cp + 1 - bp);
Regarding this transformation, I'd prefer transforming to strcpy(3).
It avoids the manual `cp + 1 - bp` calculation.
Thanks for the review and patches!
Cheers,
Alex
> }
> }
> -
> --
> 2.37.2
>
--
<http://www.alejandro-colomar.es/>
GPG key fingerprint: A9348594CE31283A826FBDD8D57633D441E25BB5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-shadow-devel/attachments/20230311/18f7fdb0/attachment-0001.sig>
More information about the Pkg-shadow-devel
mailing list