On 20 July 2016 at 22:23, Don Lewis <truck...@freebsd.org> wrote:
> It passes a fixed-length non-NUL terminated buffer (returned by read(2))
> to mbrtowc().  In addition to the lack of termination, the buffer could
> also contain a partial character at its beginning or end if the contents
> are UTF-8.
> The Coverity ID is 978825.

I don't have access to Coverity, but with boru's help, I managed to
check the lines. There is no problem as far as I can tell --- yes, the
buffer is not NUL-terminated [1], *BUT* `mbrtowc(3)` takes a `len`
argument (which is returned from said `read(2)`), so it never tries to
read out of scope [2,3].

The problem might still be elsewhere, though --- the code is somewhat
hairy, so I'll give it a closer check tomorrow.

[1] https://svnweb.freebsd.org/base/head/usr.bin/wc/wc.c?view=markup#l277
[2] https://svnweb.freebsd.org/base/head/usr.bin/wc/wc.c?view=markup#l290
[3] `man 3 mbrtowc`
freebsd-current@freebsd.org mailing list
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Reply via email to