On Wed, 2008-11-05 at 15:16 +0100, Denys Vlasenko wrote:
> Before this patch, -s N shows N+1 chars in strings.
> More annoyingly, it shows this for shorter strings:
>
> write(1, "hi\n"..., 3) = 3
>
> After patch:
>
> write(1, "hi\n", 3) = 3
>
> Patch author is Jeff Bastian.
>
> Patch is below. Please apply.
It appears that the bug this patch fixes causes buffer overruns and corrupts memory, since we malloc just enough space for N chars + NUL but then try to stuff N+1 chars + NUL in there. See https://bugzilla.redhat.com/show_bug.cgi?id=466877

On a related note: look at this code:

    void printstr(struct tcb *tcp, long addr, int len)
    {
        static char *str = NULL;
        static char *outstr;
        ...
        if (!str) {
            if ((str = malloc(max_strlen + 1)) == NULL
             || (outstr = malloc(4*max_strlen + sizeof "\"\"...")) == NULL) {
                fprintf(stderr, "out of memory\n");
                tprintf("%#lx", addr);
                return;
            }
        }
        ...
        if (string_quote(str, outstr, len, size) && (len > max_strlen))

If str allocation succeeds but outstr allocation fails, we error out, but on the next call we do not even try to allocate outstr, and will invariably SEGV because it is still NULL. "free(str); str = NULL;" is missing on the error path.

(This reinforces the theorem that the vast majority of programs are hopelessly buggy wrt malloc failures... oh well...)

--
vda
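The two defects described in the mail, as an added, constructed example that is not strace's code: a lazily-allocated pair of static buffers in the buggy form (error path leaves str allocated, so outstr stays NULL forever) next to the fixed form (free and reset str on failure so the next call retries), plus a bounded copy that never writes N+1 chars into an N+1 buffer and appends "..." only when the argument was actually longer than -s N. The allocator hook xmalloc, the scenario reset, MAX_STRLEN = 3 and the function names are assumptions made for the demonstration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed example (not strace's code): an injectable allocator so the
 * partial-failure path can be hit deterministically. */
enum { MAX_STRLEN = 3 };          /* stands in for strace's -s N */

static int alloc_count = 0;       /* allocations made so far */
static int fail_index = -1;       /* which allocation (0-based) fails; -1 = none */

static void *xmalloc(size_t n)
{
    if (alloc_count++ == fail_index)
        return NULL;              /* simulated out-of-memory */
    return malloc(n);
}

/* Buggy pattern from the mail: str stays allocated after outstr fails,
 * so "if (!str)" never re-enters allocation and outstr stays NULL. */
static char *bug_str, *bug_outstr;
int buggy_get_buffers(void)
{
    if (!bug_str) {
        if ((bug_str = xmalloc(MAX_STRLEN + 1)) == NULL
         || (bug_outstr = xmalloc(4 * MAX_STRLEN + sizeof "\"\"...")) == NULL)
            return 0;             /* error path forgets free(str); str = NULL; */
    }
    return 1;                     /* reports success even when bug_outstr == NULL */
}
int buggy_outstr_is_null(void) { return bug_outstr == NULL; }

/* Fixed pattern: undo the partial allocation so the next call retries. */
static char *fix_str, *fix_outstr;
int fixed_get_buffers(void)
{
    if (!fix_str) {
        if ((fix_str = xmalloc(MAX_STRLEN + 1)) == NULL
         || (fix_outstr = xmalloc(4 * MAX_STRLEN + sizeof "\"\"...")) == NULL) {
            free(fix_str);        /* free(NULL) is a no-op if str itself failed */
            fix_str = NULL;
            return 0;
        }
    }
    return 1;
}
int fixed_outstr_is_null(void) { return fix_outstr == NULL; }

/* Reset allocator state and free both buffer pairs between scenarios. */
void reset_scenario(int fail_at)
{
    free(bug_str); free(bug_outstr); free(fix_str); free(fix_outstr);
    bug_str = bug_outstr = fix_str = fix_outstr = NULL;
    alloc_count = 0;
    fail_index = fail_at;
}

/* Truncation rule implied by the patch description: copy at most max_strlen
 * bytes (never N+1) and append "..." only when the argument really was longer.
 * Returns bytes written to out (excluding NUL), or -1 if out is too small. */
int format_strarg(const char *src, size_t srclen, size_t max_strlen,
                  char *out, size_t outcap)
{
    size_t n = srclen < max_strlen ? srclen : max_strlen;
    const char *suffix = srclen > max_strlen ? "..." : "";
    if (outcap < n + 2 + strlen(suffix) + 1)    /* quotes + suffix + NUL */
        return -1;
    out[0] = '"';
    memcpy(out + 1, src, n);
    out[n + 1] = '"';
    memcpy(out + n + 2, suffix, strlen(suffix) + 1);
    return (int)(n + 2 + strlen(suffix));
}

/* Helper for checking: 1 if formatting src yields exactly expect. */
int check_strarg(const char *src, size_t srclen, const char *expect)
{
    char out[32];
    if (format_strarg(src, srclen, MAX_STRLEN, out, sizeof out) < 0)
        return 0;
    return strcmp(out, expect) == 0;
}

int main(void)
{
    int first, second;
    reset_scenario(1);                    /* second malloc fails */
    first = buggy_get_buffers();
    second = buggy_get_buffers();
    printf("buggy: first=%d second=%d outstr NULL=%d\n",
           first, second, buggy_outstr_is_null());
    reset_scenario(1);
    first = fixed_get_buffers();
    second = fixed_get_buffers();
    printf("fixed: first=%d second=%d outstr NULL=%d\n",
           first, second, fixed_outstr_is_null());
    printf("3-byte arg gets no ...: %d\n", check_strarg("hi\n", 3, "\"hi\n\""));
    printf("5-byte arg truncated:  %d\n", check_strarg("hello", 5, "\"hel\"..."));
    reset_scenario(-1);
    return 0;
}
```

With the second allocation forced to fail, the buggy version returns success on its second call while outstr is still NULL, which is exactly the state that would SEGV in string_quote; the fixed version fails cleanly once and then retries both allocations.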
