> I know the cp suicide is a problem in cp, because I designed the test
> case to exercise a buffer overflow I found at /sys/src/cmd/cp.c:77,93
>
> void
> copy(char *from, char *to, int todir)
> {
> 	Dir *dirb, dirt;
> 	char name[256];
> 	int fdf, fdt, mode;
>
> 	if(todir){
> 		char *s, *elem;
> 		elem=s=from;
> 		while(*s++)
> 			if(s[-1]=='/')
> 				elem=s;
> 		sprint(name, "%s/%s", to, elem);
> 		to=name;
> 	}
>
>
> The bug in rc's globbing was just a fun "bonus" I discovered while
> trying to clean up after the cp test. :)
>
I take it it was trivial to find that overflow. Come on, the code is so simple
that you just see it and get it the first time, which makes it easier to find/fix
bugs; iterators and the other crap you mentioned would have obfuscated it.
Now you found a related bug in rc. If I ever get to write code as beautiful
as rc, that will be a day to remember.
Plan 9 is not bug-free, but they are easier to find and fix; think about that.
--
Federico G. Benavento
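
The unbounded `sprint(name, "%s/%s", to, elem)` into `name[256]` quoted above, rewritten with a length check, as an added example that is not part of the original messages or the Plan 9 source. It assumes portable C `snprintf` in place of Plan 9's library, and `joinpath`, `lastelem` and `NAMELEN` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

enum { NAMELEN = 256 };	/* same size as name[] in the quoted copy() */

/* Last path element of from: the text after the final '/'. */
static const char *
lastelem(const char *from)
{
	const char *s, *elem;

	elem = from;
	for(s = from; *s; s++)
		if(*s == '/')
			elem = s + 1;
	return elem;
}

/*
 * Build "to/elem" in name[0..n-1]. Returns 0 on success, -1 if it does
 * not fit; name is then emptied so a truncated path is never used.
 */
int
joinpath(char *name, size_t n, const char *to, const char *from)
{
	int len;

	if(n == 0)
		return -1;
	len = snprintf(name, n, "%s/%s", to, lastelem(from));
	if(len < 0 || (size_t)len >= n){
		name[0] = '\0';
		return -1;
	}
	return 0;
}

int
main(void)
{
	char name[NAMELEN], longelem[300];	/* constructed sample input */

	memset(longelem, 'a', sizeof longelem - 1);
	longelem[sizeof longelem - 1] = '\0';
	printf("%d %s\n", joinpath(name, sizeof name, "/tmp", "/usr/glenda/lib/profile"), name);
	printf("%d\n", joinpath(name, sizeof name, "/tmp", longelem));
	return 0;
}
```

A caller in the position of `copy()` would report an error and skip the file when `joinpath` returns -1, instead of continuing with a path that did not fit.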