Re: generic strncpy - off-by-one error

From: Willy Tarreau
Date: Tue Aug 12 2003 - 09:44:15 EST


On Tue, Aug 12, 2003 at 11:07:59PM +0900, Yoshinori Sato wrote:
> zero fill count is off-by-one error

I disagree here. With your code, if count becomes 0 within the first while(),
you set it to (unsigned)(-1) (because count is size_t), and the second loop
will add this number of zeroes after dest (4 billion on 32-bit archs).

The original code seems OK to me.

Cheers,
Willy

> --- lib/string.c~ 2003-08-09 20:30:36.000000000 +0900
> +++ lib/string.c 2003-08-12 22:55:47.000000000 +0900
> @@ -89,7 +89,8 @@
>
> while (count && (*dest++ = *src++) != '\0')
> count--;
> - while (count) {
> + count--;
> + while (count > 0) {
> *dest++ = 0;
> count--;
> }
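Review bot: the `count--;` added ahead of the fill loop runs unconditionally, so when the copy loop ends because count has reached 0 (src at least count bytes long) it wraps the size_t to its maximum value, and the fill loop then writes that many zeroes past dest. Changing the test to `while (count > 0)` does not guard against this, because for an unsigned type it is the same condition as `while (count)`. The decrement only makes sense when the copy loop stopped on the copied '\0', which was stored without count being decremented for it; make it conditional, for example `if (count) count--;`, and say in a comment which byte it accounts for.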
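An added example, not part of the original message or of the kernel source: the loops from the hunk above, instrumented to return how many bytes each variant writes for a given `count`. The `GUARDED` variant, `bytes_written`, `CAP` and the sample strings are assumptions made for this illustration, and the fill loop is cut off at `CAP` bytes so the wrapped-count case terminates.

```c
#include <stddef.h>
#include <stdio.h>

#define CAP 64 /* scratch size; the fill loop is stopped here */

enum variant { ORIGINAL, PATCHED, GUARDED };

/* Run both loops from the hunk on a scratch buffer and return the number of
 * bytes written; a correct strncpy writes exactly `count`. src must be
 * shorter than CAP (constructed sample inputs only). */
size_t bytes_written(enum variant v, const char *src, size_t count)
{
    char buf[CAP];
    char *dest = buf;

    /* Copy loop, untouched by the patch: when the '\0' is copied, dest
     * advances but count is not decremented for that byte. */
    while (count && (*dest++ = *src++) != '\0')
        count--;

    if (v == PATCHED)
        count--;        /* unconditional: wraps to SIZE_MAX when count == 0 */
    else if (v == GUARDED && count)
        count--;        /* hypothetical guard: pay for the copied '\0' only */

    /* Zero fill; for size_t, "count > 0" is the same test as "count". The
     * dest bound is added here only so the wrapped case stops at CAP. */
    while (count && dest < buf + CAP) {
        *dest++ = 0;
        count--;
    }
    return (size_t)(dest - buf);
}

int main(void)
{
    static const char *names[] = { "original", "patched", "guarded" };
    static const char *srcs[] = { "ab", "abcde" }; /* constructed inputs */

    for (int s = 0; s < 2; s++)
        for (int v = ORIGINAL; v <= GUARDED; v++)
            printf("src=\"%s\" count=5 %-8s wrote %zu bytes\n", srcs[s],
                   names[v], bytes_written((enum variant)v, srcs[s], 5));
    return 0;
}
```

Any return value other than `count` means the variant wrote outside a `count`-byte destination for that input.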