Bug #703
closed
hashmake calls gets() but should use fgets().
100%
Description
This can result in an array overrun.
53 hashinit();
54 while (gets(word)) {
55 (void) printf("%.*lo\n", (HASHWIDTH+2)/3, hash(word));
56 }This is a simple enough thing to fix.
Updated by Garrett D'Amore over 11 years ago
- Status changed from New to Resolved
- % Done changed from 0 to 100
Fixed in:
changeset: 13289:0a79ebc0f4b3
tag: tip
user: Roland Mainz <roland.mainz@nexenta.com
date: Thu Feb 17 14:49:38 2011 -0800
description:
702 tput calls gets()
703 hashmake calls gets() but should use fgets().
Reviewed by: Dan McDonald <danmcd@nexenta.com>
Reviewed by: Olga Kryzhanoska <olga.kryzhanovska@gmail.com>
Approved by: Garrett D'Amore <garrett@nexenta.com>
Updated by Garrett D'Amore over 11 years ago
- Status changed from Resolved to New
- % Done changed from 100 to 10
You forgot to consider that fgets() includes \n. (And apparently did not perform enough testing.) This change is now backed out, and the bug is reopened.
Updated by Roland Mainz over 11 years ago
The root problem of the issue was that we tested (both "tput" and
"hashmake") with something like this:
$ diff -u <(/usr/bin/<prog-to-test>) <($ROOT/usr/bin/<prog-to-test>) #
This would've worked perfectly fine if we would've executed this
within a "bldenv" environment... but it looks we ran the tests
outside "bldenv".
This is quite a humilation because a simple $ set -o nounset # in the test chain would've prevented that... I've teaching that students since a decade... and now fell into the same idiot trap. Grrr... (and sorry...) ...
Updated by Garrett D'Amore almost 11 years ago
- Assignee deleted (
Roland Mainz) - Difficulty set to Bite-size
- Tags set to needs-triage
Updated by Rich Lowe about 9 years ago
- Status changed from New to Resolved
- % Done changed from 10 to 100
- Tags deleted (
needs-triage)
Resolved in 461686c