CVS commit: src/bin/sh

Mon, 21 Jan 2019 05:28:16 -0800 

Module Name:    src
Committed By:   kre
Date:           Mon Jan 21 13:27:29 UTC 2019

Modified Files:
        src/bin/sh: var.c

Log Message:
Fix an off by one buffer length problem.   Fortunately, it was off by
one in the "safe" way (it was ensuring the buffer always ended in 2 \0
characters ... one is enough.)   This could affect the expansions of
LINENO RANDOM and SECONDS, though only if they have at least 8 digits
(and then, only sometimes).   RANDOM thus is safe, as it never produces
a number with more than 5 digits, you'd need a script with 10000000
lines before there might be an issue with LINENO (and even autoconf
generated scripts don't generally get that bit) and a shell would need
to be running for almost 4 months for SECONDS to climb that high.

Nevertheless: XXX pullup -8.


To generate a diff of this commit:
cvs rdiff -u -r1.74 -r1.75 src/bin/sh/var.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/bin/sh/var.c
diff -u src/bin/sh/var.c:1.74 src/bin/sh/var.c:1.75
--- src/bin/sh/var.c:1.74	Wed Dec 12 11:51:33 2018
+++ src/bin/sh/var.c	Mon Jan 21 13:27:29 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: var.c,v 1.74 2018/12/12 11:51:33 kre Exp $	*/
+/*	$NetBSD: var.c,v 1.75 2019/01/21 13:27:29 kre Exp $	*/
 
 /*-
  * Copyright (c) 1991, 1993
@@ -37,7 +37,7 @@
 #if 0
 static char sccsid[] = "@(#)var.c	8.3 (Berkeley) 5/4/95";
 #else
-__RCSID("$NetBSD: var.c,v 1.74 2018/12/12 11:51:33 kre Exp $");
+__RCSID("$NetBSD: var.c,v 1.75 2019/01/21 13:27:29 kre Exp $");
 #endif
 #endif /* not lint */
 
@@ -1378,7 +1378,7 @@ get_lineno(struct var *vp)
 		return vp->text;
 #endif
 
-	snprintf(result, length - 1, "%.*s=%d", vp->name_len, vp->text, ln);
+	snprintf(result, length, "%.*s=%d", vp->name_len, vp->text, ln);
 	return result;
 }
 #undef result
@@ -1485,7 +1485,7 @@ get_seconds(struct var *vp)
 	if (!make_space(&buf, vp->name_len + 2 + digits_in(secs)))
 		return vp->text;
 
-	snprintf(buf.b, buf.len-1, "%.*s=%jd", vp->name_len, vp->text, secs);
+	snprintf(buf.b, buf.len, "%.*s=%jd", vp->name_len, vp->text, secs);
 	return buf.b;
 }
 
@@ -1571,7 +1571,7 @@ get_random(struct var *vp)
 	if (!make_space(&buf, vp->name_len + 2 + digits_in(random_val)))
 		return vp->text;
 
-	snprintf(buf.b, buf.len-1, "%.*s=%jd", vp->name_len, vp->text,
+	snprintf(buf.b, buf.len, "%.*s=%jd", vp->name_len, vp->text,
 	    random_val);
 
 	if (buf.b != vp->text && (vp->flags & (VTEXTFIXED|VSTACK)) == 0)

Reply via email to