On Thu, Mar 21, 2002 at 04:29:29AM +0000, Justin Fletcher wrote:
> Hiya,
>
> This isn't at all serious; it's only in test code, but it might cause
> false negatives under pathological circumstances. The code reads :
>
> --8<--------
> main()
> {
> LHASH *conf;
> char buf[256];
> int i;
>
> conf=lh_new(lh_strhash,strcmp);
> for (;;)
> {
> char *p;
>
> buf[0]='\0';
> fgets(buf,256,stdin);
> if (buf[0] == '\0') break;
> buf[256]='\0'; /* JRF: THIS IS A FAULT */
> i=strlen(buf);
> p=OPENSSL_malloc(i+1);
> memcpy(p,buf,i+1);
> lh_insert(conf,p);
> }
>
> lh_node_stats(conf,stdout);
> lh_stats(conf,stdout);
> lh_node_usage_stats(conf,stdout);
> exit(0);
> }
> --8<--------
>
> buf[256] cannot be referenced because it is outside the array allocated
> in the automatic variables. This raises an 'array out of bounds' warning
> on Norcroft C.
Hmm. fgets(buf,256,stdin) will read at most 256-1 bytes and will
append the trailing '\0', at least according to K&R 2.
Therefore the offending statement could simply be removed...
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
