152549 – [patch] lint(1): the function catstrg() in usr.bin/xlint/lint1/tree.c is broken.

Bug 152549 - [patch] lint(1): the function catstrg() in usr.bin/xlint/lint1/tree.c is broken.

Summary: [patch] lint(1): the function catstrg() in usr.bin/xlint/lint1/tree.c is broken.

Status:	Closed FIXED

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	bin (show other bugs)
Version:	Unspecified
Hardware:	Any Any

Importance:	Normal Affects Only Me
Assignee:	freebsd-bugs (Nobody)

URL:
Keywords:

Depends on:
Blocks:

Reported:	2010-11-24 17:40 UTC by henning.petersen
Modified:	2011-08-08 06:34 UTC (History)
CC List:	0 users

See Also:

Attachments
file.diff (483 bytes, patch) 2010-11-24 17:40 UTC, henning.petersen	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description henning.petersen 2010-11-24 17:40:06 UTC

The function catstrg() in usr.bin/xlint/lint1/tree.c is broken.

Fix: diff -u -r1.14 tree.c
--- src/usr.bin/xlint/lint1/tree.c	1 Jan 2003 18:13:44 -0000	1.14
+++ src/usr.bin/xlint/lint1/tree.c	24 Nov 2010 16:23:32 -0000
@@ -3786,6 +3786,7 @@
 			     (len2 + 1) * sizeof (wchar_t));
 		free(strg2->st_wcp);
 	}
+	strg1->st_len = len;
 	free(strg2);
 
 	return (strg1);


Patch attached with submission follows:
How-To-Repeat: 	Take the following example program:

---- BEGIN -----
#include <stdio.h>
#include <stdarg.h>
#include <syslog.h>

/* PRINTFLIKE1 */
int
myprintf(char *fmt0, ...)
{
	va_list va;

	va_start(va, fmt0);
	vsyslog(LOG_DEBUG, fmt0, va);
	va_end(va);
	return 0;
}

int main(int argc, char *argv[])
{
	long h;

	h = (long) argc;
	myprintf("Usage: "
		"%ld [options]\n" , h);
	return argv[0] != NULL;
}
---- END -----

        and run
        lint -n example.c
	which will print (besides other stuff):
	myprintf: malformed format string

Comment 1 dfilter service freebsd_committer

2011-08-08 06:22:19 UTC

Author: kevlo
Date: Mon Aug  8 05:22:09 2011
New Revision: 224702
URL: http://svn.freebsd.org/changeset/base/224702

Log:
  catstrg() does not set the resulting string length.
  
  PR:	bin/152549
  Submitted by:	Henning Petersen <henning dot petersen at t-online dot de>
  Approved by:	re (hrs)

Modified:
  head/usr.bin/xlint/lint1/tree.c

Modified: head/usr.bin/xlint/lint1/tree.c
==============================================================================
--- head/usr.bin/xlint/lint1/tree.c	Mon Aug  8 03:09:03 2011	(r224701)
+++ head/usr.bin/xlint/lint1/tree.c	Mon Aug  8 05:22:09 2011	(r224702)
@@ -3786,6 +3786,7 @@ catstrg(strg_t *strg1, strg_t *strg2)
 			     (len2 + 1) * sizeof (wchar_t));
 		free(strg2->st_wcp);
 	}
+	strg1->st_len = len;
 	free(strg2);
 
 	return (strg1);
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"

Comment 2 Kevin Lo freebsd_committer

2011-08-08 06:33:46 UTC

State Changed
From-To: open->closed

Committed, thanks.