thanks, this is ancient
fixed for the next release

On Sun, 7 Dec 2008 17:21:21 -0700 (MST) bugmail-sender at sun.com wrote:
> *Synopsis*: Array overrun in libpp

> CR 6764665 changed on Dec 8 2008 by <User 1-7MTUEB>

> === Field ============ === New Value ============= === Old Value =============

> Hook 6                 <email address omitted>                                
> SubCategory            korn93                      korn                       
> ====================== =========================== ===========================

>      
> *Change Request ID*: 6764665

> *Synopsis*: Array overrun in libpp

>   Product: solaris
>   Category: shell
>   Subcategory: korn93
>   Type: Defect
>   Subtype: 
>   Status: 1-Dispatched
>   Substatus: 
>   Priority: 3-Medium
>   Introduced In Release: 
>   Introduced In Build: 
>   Responsible Engineer: 
>   Keywords: parfait

> === *Description* ============================================================
> /usr/src/lib/libpp/common/ppfsm.c

> 0861:                 }
> 0862:                 if (x >= 0)
> 0863:                 {
> 0864:                         *s = x;
> 0865:                         for (n = CHAR_MIN; n <= CHAR_MAX; n++)
> 0866:                                 if (ppisidig(n))
> 0867:                                         fsm[HITN][n] = HITN;
> 0868:                         n = HITN;
> 0869:                 }
> 0870:                 if (fsm[i][c] < n)
> 0871:                         fsm[i][c] = n;

> ppisidig() expands to ((pptype)[c]&(C_ID|C_DIG)), and pptype further expands
> to (ppctype-(CHAR_MIN)+1) when char is signed (as it is by default on x86).
> ppctype in turn is a char array of 255 elements. As a result, the above loop
> runs from ppctype[1] through ppctype[256].

> The bug looks to be in the definition of pptype - when char is unsigned, the
> code should work correctly.

> This bug was found using the Parfait source code analysis tool. 
> See http://research.sun.com/projects/parfait

> *** (#1 of 1): 2008-10-28 18:48:54 GMT+00:00 <User 1-5Q-544>

> === *Public Comments* ========================================================

> === *Workaround* =============================================================

> === *Additional Details* =====================================================
>         Targeted Release: 
>         Commit To Fix In Build: 
>         Fixed In Build: 
>         Integrated In Build: 
>         Verified In Build: 
>   See Also: 
>   Duplicate of: 
>   Hooks:
>         Hook1: 
>         Hook2: 
>         Hook3: 
>         Hook4: 
>         Hook5: 
>         Hook6: <email address omitted>
>   Program Management: 
>   Root Cause: 
>   Fix Affects Documentation: No
>   Fix Affects Localization: No

> === *History* ================================================================
>         Date Submitted: 2008-10-28 18:48:54 GMT+00:00
>         Submitted By: <User 1-5Q-544>

>         Status Changed    Date Updated                  Updated By

> === *Service Request* ========================================================
>         Impact: Significant
>         Functionality: Secondary
>         Severity: 3
>         Product Name: solaris
>         Product Release: solaris_nevada
>         Product Build: 
>         Operating System: solaris_nevada
>         Hardware: generic
>         Submitted Date: 2008-10-28 18:48:54 GMT+00:00

> === *Multiple Release (MR) Cluster* - 0 ======================================

> _______________________________________________
> ksh93-integration-discuss mailing list
> ksh93-integration-discuss at opensolaris.org
> http://mail.opensolaris.org/mailman/listinfo/ksh93-integration-discuss
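
The index arithmetic described in the report, as an added example that is not part of the original message or of libpp. The 255-element table length and the `-(CHAR_MIN)+1` bias are taken from the report; `audit_loop`, `required_len` and `checked_type` are hypothetical helper names, and the signed-char limits are used explicitly so the result does not depend on the build platform.

```c
#include <limits.h>
#include <stdio.h>

/* Values taken from the report (assumptions, not read from libpp headers):
 * a 255-element table and a base pointer biased by -(CHAR_MIN)+1. */
#define TABLE_LEN 255L
#define BIAS      (-(long)SCHAR_MIN + 1)

struct span { long first, last, out_of_bounds; };

/* Replay "for (n = lo; n <= hi; n++) base[n]" with base = table + bias.
 * Only the indices are computed; no memory is touched. */
struct span audit_loop(long lo, long hi, long bias, long table_len)
{
    struct span s = { lo + bias, hi + bias, 0 };
    for (long n = lo; n <= hi; n++) {
        long idx = n + bias;
        if (idx < 0 || idx >= table_len)
            s.out_of_bounds++;
    }
    return s;
}

/* Smallest table length for which the last slot the loop reaches is valid. */
long required_len(long hi, long bias)
{
    return hi + bias + 1;
}

/* Bounds-checked lookup: a slot outside the table yields 0 (no class bits)
 * instead of reading past the end. */
unsigned char checked_type(const unsigned char *table, long table_len,
                           long bias, int c)
{
    long idx = (long)c + bias;
    return (idx >= 0 && idx < table_len) ? table[idx] : 0;
}

int main(void)
{
    struct span s = audit_loop(SCHAR_MIN, SCHAR_MAX, BIAS, TABLE_LEN);
    printf("slots %ld..%ld, %ld outside a %ld-element table (need %ld)\n",
           s.first, s.last, s.out_of_bounds, TABLE_LEN,
           required_len(SCHAR_MAX, BIAS));
    return 0;
}
```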

