> I know the cp suicide is a problem in cp, because I designed the test > case to exercise a buffer overflow I found at /sys/src/cmd/cp.c:77,93 > > void > copy(char *from, char *to, int todir) > { > Dir *dirb, dirt; > char name[256]; > int fdf, fdt, mode; > > if(todir){ > char *s, *elem; > elem=s=from; > while(*s++) > if(s[-1]=='/') > elem=s; > sprint(name, "%s/%s", to, elem); > to=name; > } > > > The bug in rc's globbing was just a fun "bonus" I discovered while > trying to clean up after the cp test. :) >
I take it was trivial to find that overflow, come on the code is so simple that you just see and get it the first time, which makes easier to find/fix bugs, iterators and the other crap you mentioned would had obfuscated it. now you found a related bug in rc, if I ever get to write code as beautiful as rc that will be a day to remember. Plan 9 is not bug-free, but they easier to find and fix, think about that. -- Federico G. Benavento