Re: Some potential bugs in make-3.82
From: Norbert Thiebaud
Subject: Re: Some potential bugs in make-3.82
Date: Tue, 7 May 2013 22:48:05 -0500
On Tue, May 7, 2013 at 10:24 PM, Zhenbo Xu <address@hidden> wrote:
> 2. Out of bound
> file: function.c
> function: func_sort
> At line 1150: words = xmalloc (wordi * sizeof (char *));
> The value of wordi may be 1.
>
> At line 1171: if (i == wordi - 1 || strlen (words[i + 1]) != len
> words[i + 1] may cause overflow.
no because i < wordi - 1 ( i < wordi because of the for() condition,
and if i == wordi - 1 then the || evaluation is shortcut-ed by i ==
wordi - 1, hence strlen() is not evaluated)
also note that the wordi in the alloc is a 1-based index whereas the
wordi in the for loop is a 0-based index
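
The short-circuit argument in the reply above can be checked with a small instrumented loop. This is an added example, not code from make or from the thread: `sort_unique`, `peek` and `last_lookahead` are hypothetical names, and the trailing `strcmp` clause is an assumption, since the condition quoted from line 1171 is cut off on the page.

```c
#include <stdlib.h>
#include <string.h>

/* Largest index ever used for the words[i + 1] look-ahead; -1 if never used. */
static int max_lookahead = -1;

/* Instrumented look-ahead: records the index, then returns the word. */
static const char *peek (char **words, int idx)
{
  if (idx > max_lookahead)
    max_lookahead = idx;
  return words[idx];
}

static int cmp_words (const void *a, const void *b)
{
  return strcmp (*(char *const *) a, *(char *const *) b);
}

/* Sort words[0..wordi-1] and copy the distinct ones into out.
   Returns the number of distinct words.  The condition follows the
   shape quoted in the thread: i == wordi - 1 is tested first, so on
   the last element the || short-circuits and words[wordi] is never
   read.  The strcmp clause is an assumed completion of that line. */
int sort_unique (char **words, int wordi, const char **out)
{
  int i, n = 0;

  max_lookahead = -1;
  qsort (words, wordi, sizeof (char *), cmp_words);
  for (i = 0; i < wordi; ++i)
    {
      size_t len = strlen (words[i]);
      if (i == wordi - 1
          || strlen (peek (words, i + 1)) != len
          || strcmp (words[i], peek (words, i + 1)) != 0)
        out[n++] = words[i];
    }
  return n;
}

/* Highest look-ahead index touched by the last sort_unique call. */
int last_lookahead (void)
{
  return max_lookahead;
}
```

With a single word the look-ahead is never evaluated, and with several words its highest index is `wordi - 1`, the last valid slot. Swapping the first two operands of the `||` would break that guarantee.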