Frank Hofmann <[EMAIL PROTECTED]> wrote:
> On Thu, 17 May 2007, Joerg Schilling wrote:
>
> > [EMAIL PROTECTED] wrote:
> >
> >> - you cannot mix 64 bit & 32 bit
> >> - you cannot use code from libc in the kernel because there's
> >> no guarantee that that code will work in kernel context(!)
> >>
> >>
> >> The kernel has a strstr() of its own, so you'll need to just call
> >> that.
> >
> > Many of the libc functions have to respect the same rules as the kernel
> > and the kernel implementations may also fail, see bug 6489267 where
> > strncat() from the kernel caused a panic because of accessing a byte
> > beyond the permitted range.
>
> The str* functions just sometimes don't quite do what one might naively
> think they'd do. Try finding/fixing the bugs in this one:
>
> char str[100];
>
> memset(str, '\0', 100); /* clear string memory */
>
> pgsz = sysconf(_SC_PAGESIZE);
> buf = mmap(NULL, pgsz, PROT_READ | PROT_WRITE,
> MAP_ANON | MAP_PRIVATE, 0, 0);
> memset(buf, 'a', pgsz); /* page now filled with 'a' */
>
> strlcat(str, buf, 1); /* append single byte from buf */
> strncat(str, buf + pgsz, 0); /* doesn't really do anything */
>
> Both str*cat calls will crash. Go figure.

The strlcat() case looks like a usage error as strlcat() returns the
number of bytes that would be copied by strcat(). As there is no
null byte at the end of the string, it accesses too much from buf.

The strncat() case looks different.

BTW: in the POSIX mailing list, there is just a discussion that even str*()
functions need to respect range limits.

Jörg

--
EMail:[EMAIL PROTECTED] (home) Jörg Schilling D-13353 Berlin
[EMAIL PROTECTED] (uni)
[EMAIL PROTECTED] (work) Blog: http://schily.blogspot.com/
URL: http://cdrecord.berlios.de/old/private/ ftp://ftp.berlios.de/pub/schily
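
The strlcat() point in the reply above, as an added example (not code from the thread or from any libc or kernel): a small C model of BSD strlcat() semantics that counts how many source bytes it examines, next to a hypothetical bounded variant. The names model_strlcat, bounded_cat, finish, src_reads, page, str and setup are assumptions for illustration, and the sample buffer is constructed with a final NUL so the model itself stays in bounds.

```c
#include <stddef.h>
#include <string.h>

size_t src_reads;   /* instrumentation: source bytes examined by last call */

/* Shared tail: find the end of dst, copy what fits, always NUL-terminate. */
static size_t finish(char *dst, size_t dstsize, const char *src, size_t slen)
{
    size_t dlen = 0;
    while (dlen < dstsize && dst[dlen] != '\0')
        dlen++;
    if (dlen == dstsize)              /* no NUL within dstsize: copy nothing */
        return dstsize + slen;
    size_t room = dstsize - dlen - 1, n = slen < room ? slen : room;
    memcpy(dst + dlen, src, n);
    dst[dlen + n] = '\0';
    return dlen + slen;
}

/* Model of BSD strlcat() semantics (assumption: not any real libc source). */
size_t model_strlcat(char *dst, const char *src, size_t dstsize)
{
    size_t slen = 0;
    /* The return value needs strlen(src), so src is walked to its NUL
     * regardless of how small dstsize is. */
    for (src_reads = 1; src[slen] != '\0'; src_reads++)
        slen++;
    return finish(dst, dstsize, src, slen);
}

/* Hypothetical bounded variant: examines at most srcmax bytes of src. */
size_t bounded_cat(char *dst, size_t dstsize, const char *src, size_t srcmax)
{
    const char *nul = memchr(src, '\0', srcmax);
    size_t slen = nul ? (size_t)(nul - src) : srcmax;
    src_reads = nul ? slen + 1 : srcmax;
    return finish(dst, dstsize, src, slen);
}

/* Constructed input: 4096 bytes of 'a' with a final NUL so the demo stays
 * in bounds; the snippet quoted in the thread has no such NUL. */
char page[4096], str[100];

void setup(void)
{
    memset(page, 'a', sizeof page - 1);
    page[sizeof page - 1] = '\0';
    memset(str, 0, sizeof str);
}
```

With a destination size of 1 the model copies nothing, since the single byte is reserved for the terminator, yet it still reads the whole source to compute its return value.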