> On Tue, Jan 19, 2016 at 12:35:27PM +0100, Sunil Nimmagadda wrote:
>
> > > - dlen = strlen(dir);
> > > - while (dir[dlen-1] == '/')
> > > - dir[--dlen] = '\0'; /* strip trailing '/' */
>
> > dlen could never be zero as we are replacing dir[0] with
On Tue, Jan 19, 2016 at 12:35:27PM +0100, Sunil Nimmagadda wrote:
> > - dlen = strlen(dir);
> > - while (dir[dlen-1] == '/')
> > - dir[--dlen] = '\0'; /* strip trailing '/' */
> dlen could never be zero as we are replacing dir[0] with '.' if
> it's
Thank you for the diff.
> I looked for more instances of the pattern that lead to reading one byte
> before an allocated buffer in which(1) when PATH begins with "/:". I
> found only one, in the function csexists() in usr.bin/mg/cscope.c.
> + while ((dir = strsep(&path, ":")) != NULL) {
> +
I looked for more instances of the pattern that lead to reading one byte
before an allocated buffer in which(1) when PATH begins with "/:". I
found only one, in the function csexists() in usr.bin/mg/cscope.c.
While at it, I replaced the manual length check before snprintf() with a
check of the ret