On Mon, 2 Dec 2024 15:32:34 GMT, Daniel Fuchs <dfu...@openjdk.org> wrote:

>> src/java.base/unix/native/libnet/net_util_md.c line 190:
>> 
>>> 188: sys_errno_string = strerror(sys_errno);
>>> 189: format = "%s: %s: %s";
>>> 190: size = strlen(format) + strlen(hostname) + strlen(error_string) + strlen(sys_errno_string) + 2;
>> 
>> should be + 4, not + 2 here
> 
> Actually, IIANM, shouldn't it be + 5 here and + 3 below to account for the null terminator?
> snprintf says it will write up to size - 1 characters.

You are right about + 3 instead of + 2.

Furthermore, now that you mention it, I'm not sure why there's a `strlen(format)` in that size computation. The original change was introduced in https://hg.openjdk.org/jdk7/jdk7/jdk/rev/b5d37597c815 and at that time it was using `sprintf` (and not `snprintf`) and the `sprintf`, as per its documentation, considers size to be `INT_MAX + 1`, so `size` wasn't being passed to it and only used for `malloc()`. Even then, I don't understand why `strlen(format)` (or even + 2) was considered for the size.

I have updated this part of the PR, but I'm going to look at this size computation a bit more tomorrow with a fresh mind.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/22484#discussion_r1866170010
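
An added example, not part of this message or of the JDK sources, that works through the size arithmetic for the `"%s: %s: %s"` format discussed above: the size from the quoted line 190, the exact size as measured by `snprintf(NULL, 0, ...)`, and a truncation check. The function names and sample strings are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FORMAT "%s: %s: %s"   /* format string from the quoted line 189 */

/* Size as computed on the quoted line 190: includes strlen(format) and + 2. */
size_t quoted_size(const char *h, const char *e, const char *s) {
    return strlen(FORMAT) + strlen(h) + strlen(e) + strlen(s) + 2;
}

/* Exact size: snprintf(NULL, 0, ...) returns the output length without
 * the terminating NUL, so one byte is added for it. Returns 0 on error. */
size_t exact_size(const char *h, const char *e, const char *s) {
    int n = snprintf(NULL, 0, FORMAT, h, e, s);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Returns 1 if a buffer of `size` bytes (size > 0) truncates the message,
 * 0 if it fits, -1 on error. snprintf writes at most size - 1 characters
 * plus the NUL, and returns the length it wanted to write. */
int truncates(size_t size, const char *h, const char *e, const char *s) {
    char *buf = malloc(size);
    if (buf == NULL) return -1;
    int n = snprintf(buf, size, FORMAT, h, e, s);
    free(buf);
    if (n < 0) return -1;
    return (size_t)n >= size;
}

int main(void) {
    /* Constructed sample inputs, not taken from the JDK sources. */
    const char *h = "host.example";
    const char *e = "Name or service not known";
    const char *s = "Connection timed out";
    size_t sum = strlen(h) + strlen(e) + strlen(s);

    /* Two ": " separators are 4 bytes, the NUL is 1 more: sum + 5. */
    printf("exact size       : sum + %zu\n", exact_size(h, e, s) - sum);
    /* strlen(FORMAT) is 10 (three "%s" plus two ": "), so this is sum + 12. */
    printf("quoted line 190  : sum + %zu\n", quoted_size(h, e, s) - sum);
    printf("sum + 4 truncates: %d\n", truncates(sum + 4, h, e, s));
    printf("sum + 5 truncates: %d\n", truncates(sum + 5, h, e, s));
    return 0;
}
```
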