Can anyone name a real system on which forming a pointer like
"buffer + (size_t)(-1)" actually provokes a trap or some other real problem?


>From 6e00315bf290310895036fce979a7e0210871b63 Mon Sep 17 00:00:00 2001
From: Jim Meyering <[email protected]>
Date: Wed, 28 Dec 2011 18:30:50 +0100
Subject: [PATCH] tail: avoid theoretically undefined behavior

* src/tail.c (start_lines): Do not form potentially-invalid address.
Use safe_read's return value as a pointer offset only after
ensuring that it is not SAFE_READ_ERROR (size_t)(-1).
Spotted by coverity.
Also, move declaration of "p" to be closer to first use.
---
 src/tail.c |    5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/tail.c b/src/tail.c
index 4581845..5d86da2 100644
--- a/src/tail.c
+++ b/src/tail.c
@@ -848,9 +848,7 @@ start_lines (const char *pretty_filename, int fd, uintmax_t 
n_lines,
   while (1)
     {
       char buffer[BUFSIZ];
-      char *p = buffer;
       size_t bytes_read = safe_read (fd, buffer, BUFSIZ);
-      char *buffer_end = buffer + bytes_read;
       if (bytes_read == 0) /* EOF */
         return -1;
       if (bytes_read == SAFE_READ_ERROR) /* error */
@@ -859,8 +857,11 @@ start_lines (const char *pretty_filename, int fd, 
uintmax_t n_lines,
           return 1;
         }

+      char *buffer_end = buffer + bytes_read;
+
       *read_pos += bytes_read;

+      char *p = buffer;
       while ((p = memchr (p, '\n', buffer_end - p)))
         {
           ++p;
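Review bot: The moved `char *buffer_end = buffer + bytes_read;` line carries no hint of why it must stay below the SAFE_READ_ERROR check, so a later tidy-up could hoist it back next to the `safe_read` call and silently reintroduce the out-of-object pointer this patch removes. A short comment on that line would pin the invariant: `/* Only valid here: bytes_read has been checked against SAFE_READ_ERROR, so buffer + bytes_read is within the array or one past its end.  */`. Forming `buffer + (size_t)(-1)` is undefined even when the pointer is never dereferenced, and a compiler may optimize on the assumption that it cannot happen, so whether any real platform traps on the address is not the only risk. The same reasoning applies to the `char *p = buffer;` move, which is harmless but also undocumented. start_lines begins before the first hunk and continues past `++p;`.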
--
1.7.8.1.391.g2c2ad
