Bug 193447 - [PATCH] strvisx: Handle zero-length input strings gracefully.
Summary: [PATCH] strvisx: Handle zero-length input strings gracefully.
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: bin (show other bugs)
Version: CURRENT
Hardware: Any Any
: --- Affects Only Me
Assignee: Brooks Davis
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-09-08 00:03 UTC by Conrad Meyer
Modified: 2014-10-21 16:45 UTC (History)
3 users (show)

See Also:
brooks: mfc-stable10+
brooks: mfc-stable9+
brooks: mfc-stable8-

Attachments
patch -p0 against CURRENT. (2.66 KB, patch)
2014-09-08 00:03 UTC, Conrad Meyer 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Conrad Meyer 2014-09-08 00:03:48 UTC 
Created attachment 147037 [details]
patch -p0 against CURRENT.

The internal istrsenvisx() routine overloaded the zero length value as a
sentinel for "use strlen(3)." This is bad because the zero-length source string
has a defined behavior and the pointer for a zero-length string may be
completely bogus. Calling strlen(3) on a bogus pointer is bad.

Instead, use ssize_t for the input string length and use a #defined constant
MB_STRZ == (-1) as the sentinel for the nul-terminated strvis variants (strvis,
etc).

Sponsored by:	EMC / Isilon storage division
Comment 1 Brooks Davis freebsd_committer freebsd_triage 2014-09-08 15:51:06 UTC 
Please submit this to NetBSD so we can merge from upstream.
Comment 2 Conrad Meyer 2014-09-08 16:19:17 UTC 
Okay. I submitted it to NetBSD through their bug submission form. I don't have a URL back from them yet. The patch applies cleanly to lib/libc/gen/vis.c in NetBSD CVS.
Comment 3 Conrad Meyer 2014-09-08 16:23:08 UTC 
Upstream: http://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=49185
Comment 4 Brooks Davis freebsd_committer freebsd_triage 2014-09-08 18:02:33 UTC 
Thanks!  I'll get it merged.
Comment 5 Conrad Meyer 2014-09-08 18:05:23 UTC 
Thanks! :)
Comment 6 commit-hook freebsd_committer freebsd_triage 2014-09-08 19:26:37 UTC 
A commit references this bug:

Author: brooks
Date: Mon Sep  8 19:26:22 UTC 2014
New revision: 271287
URL: http://svnweb.freebsd.org/changeset/base/271287

Log:
  Merge from NetBSD:

  PR/49185: Conrad Meyer: strvisx: Handle zero-length input strings
  gracefully.  (don't abuse 0 to mean compute string length internally)

  PR:		193447
  Submitted by:	Conrad Meyer <conrad.meyer@isilon.com>
  MFC after:	1 month

Changes:
_U  head/contrib/libc-vis/
  head/contrib/libc-vis/vis.c
Comment 7 Brooks Davis freebsd_committer freebsd_triage 2014-09-08 19:27:32 UTC 
Committed in r271287.  Will merge after 10.1 is out.
Comment 8 Conrad Meyer 2014-09-08 19:29:54 UTC 
(In reply to Brooks Davis from comment #7)
> Committed in r271287.  Will merge after 10.1 is out.

Thanks!
Comment 9 commit-hook freebsd_committer freebsd_triage 2014-10-08 15:44:15 UTC 
A commit references this bug:

Author: brooks
Date: Wed Oct  8 15:44:12 UTC 2014
New revision: 272753
URL: https://svnweb.freebsd.org/changeset/base/272753

Log:
  MFC r271287:

  Merge from NetBSD:

  PR/49185: Conrad Meyer: strvisx: Handle zero-length input strings
  gracefully.  (don't abuse 0 to mean compute string length internally)

  PR:		193447
  Submitted by:	Conrad Meyer <conrad.meyer@isilon.com>

Changes:
_U  stable/10/
  stable/10/contrib/libc-vis/vis.c
Comment 10 commit-hook freebsd_committer freebsd_triage 2014-10-08 15:59:18 UTC 
A commit references this bug:

Author: brooks
Date: Wed Oct  8 15:58:30 UTC 2014
New revision: 272755
URL: https://svnweb.freebsd.org/changeset/base/272755

Log:
  MFC r271287:

  Merge from NetBSD:

  PR/49185: Conrad Meyer: strvisx: Handle zero-length input strings
  gracefully.  (don't abuse 0 to mean compute string length internally)

  PR:		193447
  Submitted by:	Conrad Meyer <conrad.meyer@isilon.com>

Changes:
_U  stable/9/
_U  stable/9/contrib/libc-vis/
  stable/9/contrib/libc-vis/vis.c
_U  stable/9/etc/
_U  stable/9/etc/rc.d/
  stable/9/etc/rc.d/devd
_U  stable/9/sbin/
_U  stable/9/sbin/devd/
  stable/9/sbin/devd/devd.cc
_U  stable/9/share/
_U  stable/9/share/man/
_U  stable/9/share/man/man4/
  stable/9/share/man/man4/devctl.4
_U  stable/9/tools/
_U  stable/9/tools/tools/
_U  stable/9/tools/tools/sysdoc/
  stable/9/tools/tools/sysdoc/tunables.mdoc
Comment 11 Conrad Meyer 2014-10-08 16:00:26 UTC 
stable/9 commit looks bad.
Comment 12 commit-hook freebsd_committer freebsd_triage 2014-10-08 16:36:25 UTC 
A commit references this bug:

Author: brooks
Date: Wed Oct  8 16:35:59 UTC 2014
New revision: 272760
URL: https://svnweb.freebsd.org/changeset/base/272760

Log:
  Revert botched r272755.

  PR:		193447

Changes:
_U  stable/9/
_U  stable/9/contrib/libc-vis/
  stable/9/contrib/libc-vis/vis.c
_U  stable/9/etc/
_U  stable/9/etc/rc.d/
  stable/9/etc/rc.d/devd
_U  stable/9/sbin/
_U  stable/9/sbin/devd/
  stable/9/sbin/devd/devd.cc
_U  stable/9/share/
_U  stable/9/share/man/
_U  stable/9/share/man/man4/
  stable/9/share/man/man4/devctl.4
_U  stable/9/tools/
_U  stable/9/tools/tools/
_U  stable/9/tools/tools/sysdoc/
  stable/9/tools/tools/sysdoc/tunables.mdoc
Comment 13 commit-hook freebsd_committer freebsd_triage 2014-10-21 16:44:13 UTC 
A commit references this bug:

Author: brooks
Date: Tue Oct 21 16:44:04 UTC 2014
New revision: 273387
URL: https://svnweb.freebsd.org/changeset/base/273387

Log:
  MFC r271287:

  Merge from NetBSD:

  PR/49185: Conrad Meyer: strvisx: Handle zero-length input strings
  gracefully.  (don't abuse 0 to mean compute string length internally)

  PR:		193447
  Submitted by:	Conrad Meyer <conrad.meyer@isilon.com>

Changes:
_U  stable/9/contrib/libc-vis/
  stable/9/contrib/libc-vis/vis.c
Comment 14 Brooks Davis freebsd_committer freebsd_triage 2014-10-21 16:45:06 UTC 
Merges complete, MFC metadata corrected.