On Thu, Apr 21, 2016 at 05:00:20AM +0300, Andrey Chernov wrote: > On 21.04.2016 3:57, Andrey Chernov wrote: > > On 20.04.2016 23:44, Baptiste Daroussin wrote: > >> Author: bapt > >> Date: Wed Apr 20 20:44:30 2016 > >> New Revision: 298367 > >> URL: https://svnweb.freebsd.org/changeset/base/298367 > >> > >> Log: > >> Check the returned value of memchr(3) before using it > >> > >> Reported by: Coverity > >> CID: 1338530 > >> > >> Modified: > >> head/lib/libc/locale/ascii.c > >> > >> Modified: head/lib/libc/locale/ascii.c > >> ============================================================================== > >> --- head/lib/libc/locale/ascii.c Wed Apr 20 20:43:05 2016 > >> (r298366) > >> +++ head/lib/libc/locale/ascii.c Wed Apr 20 20:44:30 2016 > >> (r298367) > >> @@ -133,11 +133,14 @@ _ascii_mbsnrtowcs(wchar_t * __restrict d > >> > >> if (dst == NULL) { > >> s = memchr(*src, '\0', nms); > >> + if (s == NULL) > >> + return (nms); > >> + > >> if (*s & 0x80) { > >> errno = EILSEQ; > >> return ((size_t)-1); > >> } > >> - return (s != NULL ? s - *src : nms); > >> + return (s - *src); > >> } > >> > >> s = *src; > >> > > > > The whole code is incorrect, only the very first char is checked, there > > must be a loop like in -stable: > > > > if (dst == NULL) { > > for (s = *src; nms > 0 && *s != '\0'; s++, nms--) { > > if (*s & 0x80) { > > errno = EILSEQ; > > return ((size_t)-1); > > } > > } > > return (s - *src); > > } > > > > Since svn history is lost on deleting, I don't know why incorrect > > version was committed. > > > > Typo, the very first == the very last, i.e. only NUL char is checked > which always pass. >
I have restored the history (I hope correctly) Bapt
signature.asc
Description: PGP signature
