This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

bug in src/tapset/string.stp

From: Jonathan Brassow <jbrassow at redhat dot com>
To: systemtap at sources dot redhat dot com
Date: Fri, 18 Aug 2006 16:34:30 +0000
Subject: bug in src/tapset/string.stp

The strncpy and following null termination act as though the 'stop'
param is a 'len' param, and thus returns a string that may be longer
than what was asked for.

 brassow

Index: src/tapset/string.stp
===================================================================
--- src.orig/tapset/string.stp  2006-07-11 15:38:35.000000000 -0500
+++ src/tapset/string.stp       2006-08-18 11:29:01.000000000 -0500
@@ -27,8 +27,8 @@ function substr:string(str:string,start:
        }
        else {
                char *s=THIS->str;
-               strncpy(THIS->__retvalue,s+THIS->start,THIS->stop);
-               THIS->__retvalue[THIS->stop]='\0';
+               strncpy(THIS->__retvalue,s+THIS->start,THIS->stop - THIS->start);
+               THIS->__retvalue[THIS->stop - THIS->start]='\0';
        }
 %}

Follow-Ups:
- Re: bug in src/tapset/string.stp
  - From: Martin Hunt

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]