> > Paul Eggert <[EMAIL PROTECTED]> wrote: > >> coreutils readutmp applies strchr to a buffer that is not > >> null-terminated. > > > > Would this work? It seems like the simplest fix. > > > > - p = strchr (trimmed_name, ' '); > > + p = memchr (trimmed_name, ' ', sizeof (UT_USER (ut)) + 1); > > Yes, that's a simpler fix, but it still doesn't make the code match > the comments. The comments say 'trim trailing spaces' but the above > code trims non-spaces if they are preceded by a space.
Furthermore, the string is still not NUL terminated if xmalloc doesn't zero init malloced storage. returned trimmed_name will potentially cause cashes elsewhere. Chqrlie. _______________________________________________ Bug-coreutils mailing list [EMAIL PROTECTED] http://lists.gnu.org/mailman/listinfo/bug-coreutils
