This is the mail archive of the newlib@sourceware.org mailing list for the newlib project.



strndup bug [fix included]


Issue:
strndup crashes [sometimes] when presented with a non-null terminated
source string, even if the length parameter is within the bounds of
the source string.

The problem is caused by:
size_t len = MIN(strlen (str), n); [Line 13, newlib/libc/string/strndup_r.c]

The strlen will attempt to measure the length of the entire string
before comparison with the length parameter, which is not only
inefficient, but causes the bug noted above ;).

The fix is to replace strlen (str) with strnlen(str, n) - and since
the MIN then becomes irrelevant, line 13 could be replaced with

size_t len = strnlen (str, n);

Cheers,

--David Carne
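
The difference between the two length expressions in the message above, as an added example that is not part of the original post or of newlib's source. `bounded_len` is a portable stand-in for `strnlen` built on `memchr`; `strndup_bounded`, the two `*_bytes_read` helpers and the `record` buffer are hypothetical names and constructed data.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for strnlen(): inspects at most n bytes, never str[n]. */
static size_t bounded_len(const char *str, size_t n)
{
    const char *nul = memchr(str, '\0', n);
    return nul ? (size_t)(nul - str) : n;
}

/* Bytes read by the old expression MIN(strlen(str), n): strlen walks to
 * the first NUL wherever it is, so the read extent ignores n entirely. */
static size_t old_bytes_read(const char *str)
{
    return strlen(str) + 1;
}

/* Bytes read by the fixed expression: never more than n. */
static size_t fixed_bytes_read(const char *str, size_t n)
{
    size_t len = bounded_len(str, n);
    return len < n ? len + 1 : n;
}

/* strndup using the bounded length (hypothetical name, not newlib's code). */
static char *strndup_bounded(const char *str, size_t n)
{
    size_t len = bounded_len(str, n);
    char *copy = malloc(len + 1);
    if (copy != NULL) {
        memcpy(copy, str, len);
        copy[len] = '\0';
    }
    return copy;
}

/* Constructed sample: an 8-byte field with no NUL, followed by unrelated
 * bytes in the same array so the old read stays defined for this demo. */
static const char record[16] = "ABCDEFGHnextfld";

int main(void)
{
    char *copy = strndup_bounded(record, 8);
    printf("old reads %zu bytes, fixed reads %zu, copy=\"%s\"\n",
           old_bytes_read(record), fixed_bytes_read(record, 8),
           copy ? copy : "(null)");
    free(copy);
    return 0;
}
```

Both expressions yield a length of 8 here; only the number of source bytes touched differs. When the bytes after the field are unmapped rather than part of the same array, the old read is the one that faults.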

