Hello all.
The current implementation of mktemp_internal() accesses memory before the
string given when the whole template given consists of 'X' characters.
The first hunk of the patch also removes an extra check: "strlen() == 0" is done
anyway for non-error flow, so "*path == '\0'" does not give any actual
speed gain.
Having that patch applied, mktemp(1) no longer segfaults for me.
--
Best wishes,
Vadim Zhukov
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?
Index: stdio/mktemp.c
===================================================================
RCS file: /cvs/src/lib/libc/stdio/mktemp.c,v
retrieving revision 1.27
diff -u -p -r1.27 mktemp.c
--- stdio/mktemp.c 20 Mar 2009 16:05:11 -0000 1.27
+++ stdio/mktemp.c 27 Jan 2010 16:08:55 -0000
@@ -44,11 +44,6 @@ mktemp_internal(char *path, int slen, in
size_t len;
int fd;
- if (*path == '\0') {
- errno = EINVAL;
- return(-1);
- }
-
len = strlen(path);
if (len == 0 || slen >= len) {
errno = EINVAL;
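Review bot: the removed "*path == '\0'" test is only safe to drop because the kept context line "if (len == 0 || slen >= len)" rejects an empty template with the same EINVAL, so that line is now the sole guard and deserves a short comment saying so. In that same condition slen is an int (per the function signature in the hunk header) compared against the size_t len, so a negative slen is converted to a large unsigned value and rejected only as a side effect of the conversion; an explicit "slen < 0" test would make that intent visible. Since this cleanup is unrelated to the out-of-bounds read, it would also be easier to audit as a separate commit.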
@@ -57,7 +52,7 @@ mktemp_internal(char *path, int slen, in
ep = path + len - slen;
tries = 1;
- for (start = ep; start >= path && *--start == 'X';) {
+ for (start = ep - 1; start >= path && *start == 'X'; start--) {
if (tries < INT_MAX / NUM_CHARS)
tries *= NUM_CHARS;
}
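Review bot: in the new loop header "for (start = ep - 1; start >= path && *start == 'X'; start--)" the read before the buffer is gone, but for an all-'X' template the final start-- still leaves start at path - 1, and the terminating "start >= path" comparison is then made on a pointer below the start of the object, which C does not define. Testing the preceding byte instead, for example "for (start = ep; start > path && start[-1] == 'X'; start--)", keeps start inside the buffer for the whole loop. That form leaves start on the first 'X' rather than one position before it, so any later use of start outside this hunk would need to be adjusted to match; as posted, the same code should be checked for how it handles start == path - 1.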