Re: Can this cause a program to crash?
- From: CBFalconer <cbfalconer@xxxxxxxxx>
- Date: Wed, 09 May 2007 10:16:51 -0400
"weidongtom@xxxxxxxxx" wrote:
>
> I was reading some code and I came across this function:

function reformatted to be visible in one page. Why double
linefeeds?

> static char *
> base_name(char *s) {
>     char *bp;
>     char *ep;
>     bp = s;
>     ep = 0; /* Can this cause problem? */ /* NO. NULL better */
>     while (*s) {
>         if (s[0] == '/' && s[1] && s[1] != '/') bp = s + 1;
>         if (s > bp && s[0] == '/' && s[-1] != '/') ep = s;
>         ++s;
>     }
>     if (!ep) ep = s;
>     *s = 0;
>     return bp;
> }

Seems valid. Convoluted, but valid. Mishandles "\n".

> ep = 0; Memory is not allocated to ep, so, this could write to any
> memory address right? And I tried it out with:
>
> #include <stdio.h>
> int main(void){
>     char *b;
>     *b = 0;
>     return 0;
> }
>
> and I get a segmentation fault. So I guess that's a bug right?
> (This is from the source code of hexdump-1.5).

The fault is because b is uninitialized and you attempt to use it.
--
<http://www.cs.auckland.ac.nz/~pgut001/pubs/vista_cost.txt>
<http://www.securityfocus.com/columnists/423>
<http://www.aaxnet.com/editor/edit043.html>
<http://kadaitcha.cx/vista/dogsbreakfast/index.html>
cbfalconer at maineline dot net
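
Added example (not part of the original post and not hexdump's code): a non-mutating variant of the quoted scan that keeps `ep = NULL` as a "nothing found" sentinel, tests it before use, and copies the result into a caller buffer instead of storing through `s`, so string literals can be passed safely. The name `base_name_copy`, its return convention and the sample paths are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Added example: same scan as the quoted base_name(), but read-only on path.
 * Returns the component length, or -1 on NULL input or a too-small buffer. */
static int base_name_copy(const char *path, char *out, size_t outsz)
{
    const char *bp, *s;
    const char *ep = NULL;        /* assigning NULL touches no memory */
    size_t len;

    if (path == NULL || out == NULL || outsz == 0)
        return -1;
    bp = path;
    for (s = path; *s; ++s) {
        if (s[0] == '/' && s[1] && s[1] != '/') {
            bp = s + 1;           /* start of a new component */
            ep = NULL;            /* reset here (the quoted code does not) */
        }
        /* s > bp guarantees s[-1] is still inside the string */
        if (s > bp && s[0] == '/' && s[-1] != '/')
            ep = s;               /* first slash after the component */
    }
    if (ep == NULL)               /* sentinel is tested before any use */
        ep = s;
    len = (size_t)(ep - bp);
    if (len >= outsz)             /* leave room for the terminator */
        return -1;
    memcpy(out, bp, len);
    out[len] = '\0';
    return (int)len;
}

int main(void)
{
    /* Constructed sample paths; literals are fine because nothing is written to them. */
    const char *samples[] = { "/usr/lib/", "/usr/lib", "a//b", "dir///", "file.txt" };
    char buf[32];
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; ++i) {
        int n = base_name_copy(samples[i], buf, sizeof buf);
        printf("%-10s -> %s\n", samples[i], n < 0 ? "(error)" : buf);
    }
    return 0;
}
```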