please ignore this. It seems the buf or buflen is not used after this, and advancing buf is not visible outside the scope of this function.
On 12/30/09, Maz The Northener <[email protected]> wrote: > Hi dee Ho list! > > Tonight was one of these nights. I was staring the computer screen, > knowing that I have dozens of things I should do - but felt like doing > none of those. I bet most of us have had such moments. > > So I decided to download sources for a random gnu package, and just > browse some code trying to find a bug. Do not judge me as being nasty, > destructive bastard, I just try to possibly eliminate one problem from > the future. > > Well, I opened libtelnet/shishi.c file - it sounded like fun. (I've no > idea what is shishi, it sounds like something I could drink :D ) and > at line 591 I saw it. (sources taken from git just a few moments ago). > > function krb5shishi_printsub(). (I have no idea where this is called > from, and thus I have no idea if we really have a bug here, or just > something my eye catched as a peculiar thing). > > Here is: > > p = req_type_str (data[3]); > if (!p) > { > int l = snprintf (buf, buflen, " %d (unknown)", data[3]); > buf += l; > buflen -= l; > } > > and buf is a char pointer (buffer) coming from arguments, buflen is an > int, also coming from arguments. > > What we do not do here, is checking the returnvalue from snprintf (Eg. > if supplied buffer was large enough). Then we advance buf pointer with > amount of returned value etc. > > If supplied buffer was not long enough, snprintf propably returns the > lenght that would have been needed to fit the text in buffer. So after > increment the buf will point beyond the supplied buffer's boundaries. > But as I stated, I do not know the context this thing is sitting in, > so I cannot say if this is a problem or not. But I assume it is > possible the data written by snprintf can exceed size of the buffer - > otherwise I would probably see just sprintf here? > > Anyways, Now I managed to spend my freetime without actually doing > things I should've been doing, so I guess I may just as well stop > bothering you. :] > > Thank you for all the great work you do, and keep things going mates :] > I will keep watcing this list from now on :) > > -Matti. > > > > > BrakesAreForCowards!!! > When you feel blue, no one sees your tears... When your down, no one > understands your struggle... > When you feel happy, no one notices your smile... > But fart just once... > I would love to create a freeware game with C - unless I was working at > NSN. > -- -Matti "Maz" Vaittinen CWF coding team leader http://www.curlysworldoffreeware.com/ BrakesAreForCowards!!! When you feel blue, no one sees your tears... When your down, no one understands your struggle... When you feel happy, no one notices your smile... But fart just once... I would love to create a freeware game with C - unless I was working at NSN.
