Bug 193447 - [PATCH] strvisx: Handle zero-length input strings gracefully.
Summary: [PATCH] strvisx: Handle zero-length input strings gracefully.
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: bin (show other bugs)
Version: CURRENT
Hardware: Any Any
: --- Affects Only Me
Assignee: Brooks Davis
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-09-08 00:03 UTC by Conrad Meyer
Modified: 2014-10-21 16:45 UTC (History)
3 users (show)

See Also:
brooks: mfc-stable8-
brooks: mfc-stable9+
brooks: mfc-stable10+


Attachments
patch -p0 against CURRENT. (2.66 KB, patch)
2014-09-08 00:03 UTC, Conrad Meyer
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Conrad Meyer 2014-09-08 00:03:48 UTC
Created attachment 147037 [details]
patch -p0 against CURRENT.

The internal istrsenvisx() routine overloaded the zero length value as a
sentinel for "use strlen(3)." This is bad because the zero-length source string
has a defined behavior and the pointer for a zero-length string may be
completely bogus. Calling strlen(3) on a bogus pointer is bad.

Instead, use ssize_t for the input string length and use a #defined constant
MB_STRZ == (-1) as the sentinel for the nul-terminated strvis variants (strvis,
etc).

Sponsored by:	EMC / Isilon storage division
Comment 1 Brooks Davis freebsd_committer 2014-09-08 15:51:06 UTC
Please submit this to NetBSD so we can merge from upstream.
Comment 2 Conrad Meyer 2014-09-08 16:19:17 UTC
Okay. I submitted it to NetBSD through their bug submission form. I don't have a URL back from them yet. The patch applies cleanly to lib/libc/gen/vis.c in NetBSD CVS.
Comment 3 Conrad Meyer 2014-09-08 16:23:08 UTC
Upstream: http://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=49185
Comment 4 Brooks Davis freebsd_committer 2014-09-08 18:02:33 UTC
Thanks!  I'll get it merged.
Comment 5 Conrad Meyer 2014-09-08 18:05:23 UTC
Thanks! :)
Comment 6 commit-hook freebsd_committer 2014-09-08 19:26:37 UTC
A commit references this bug:

Author: brooks
Date: Mon Sep  8 19:26:22 UTC 2014
New revision: 271287
URL: http://svnweb.freebsd.org/changeset/base/271287

Log:
  Merge from NetBSD:

  PR/49185: Conrad Meyer: strvisx: Handle zero-length input strings
  gracefully.  (don't abuse 0 to mean compute string length internally)

  PR:		193447
  Submitted by:	Conrad Meyer <conrad.meyer@isilon.com>
  MFC after:	1 month

Changes:
_U  head/contrib/libc-vis/
  head/contrib/libc-vis/vis.c
Comment 7 Brooks Davis freebsd_committer 2014-09-08 19:27:32 UTC
Committed in r271287.  Will merge after 10.1 is out.
Comment 8 Conrad Meyer 2014-09-08 19:29:54 UTC
(In reply to Brooks Davis from comment #7)
> Committed in r271287.  Will merge after 10.1 is out.

Thanks!
Comment 9 commit-hook freebsd_committer 2014-10-08 15:44:15 UTC
A commit references this bug:

Author: brooks
Date: Wed Oct  8 15:44:12 UTC 2014
New revision: 272753
URL: https://svnweb.freebsd.org/changeset/base/272753

Log:
  MFC r271287:

  Merge from NetBSD:

  PR/49185: Conrad Meyer: strvisx: Handle zero-length input strings
  gracefully.  (don't abuse 0 to mean compute string length internally)

  PR:		193447
  Submitted by:	Conrad Meyer <conrad.meyer@isilon.com>

Changes:
_U  stable/10/
  stable/10/contrib/libc-vis/vis.c
Comment 10 commit-hook freebsd_committer 2014-10-08 15:59:18 UTC
A commit references this bug:

Author: brooks
Date: Wed Oct  8 15:58:30 UTC 2014
New revision: 272755
URL: https://svnweb.freebsd.org/changeset/base/272755

Log:
  MFC r271287:

  Merge from NetBSD:

  PR/49185: Conrad Meyer: strvisx: Handle zero-length input strings
  gracefully.  (don't abuse 0 to mean compute string length internally)

  PR:		193447
  Submitted by:	Conrad Meyer <conrad.meyer@isilon.com>

Changes:
_U  stable/9/
_U  stable/9/contrib/libc-vis/
  stable/9/contrib/libc-vis/vis.c
_U  stable/9/etc/
_U  stable/9/etc/rc.d/
  stable/9/etc/rc.d/devd
_U  stable/9/sbin/
_U  stable/9/sbin/devd/
  stable/9/sbin/devd/devd.cc
_U  stable/9/share/
_U  stable/9/share/man/
_U  stable/9/share/man/man4/
  stable/9/share/man/man4/devctl.4
_U  stable/9/tools/
_U  stable/9/tools/tools/
_U  stable/9/tools/tools/sysdoc/
  stable/9/tools/tools/sysdoc/tunables.mdoc
Comment 11 Conrad Meyer 2014-10-08 16:00:26 UTC
stable/9 commit looks bad.
Comment 12 commit-hook freebsd_committer 2014-10-08 16:36:25 UTC
A commit references this bug:

Author: brooks
Date: Wed Oct  8 16:35:59 UTC 2014
New revision: 272760
URL: https://svnweb.freebsd.org/changeset/base/272760

Log:
  Revert botched r272755.

  PR:		193447

Changes:
_U  stable/9/
_U  stable/9/contrib/libc-vis/
  stable/9/contrib/libc-vis/vis.c
_U  stable/9/etc/
_U  stable/9/etc/rc.d/
  stable/9/etc/rc.d/devd
_U  stable/9/sbin/
_U  stable/9/sbin/devd/
  stable/9/sbin/devd/devd.cc
_U  stable/9/share/
_U  stable/9/share/man/
_U  stable/9/share/man/man4/
  stable/9/share/man/man4/devctl.4
_U  stable/9/tools/
_U  stable/9/tools/tools/
_U  stable/9/tools/tools/sysdoc/
  stable/9/tools/tools/sysdoc/tunables.mdoc
Comment 13 commit-hook freebsd_committer 2014-10-21 16:44:13 UTC
A commit references this bug:

Author: brooks
Date: Tue Oct 21 16:44:04 UTC 2014
New revision: 273387
URL: https://svnweb.freebsd.org/changeset/base/273387

Log:
  MFC r271287:

  Merge from NetBSD:

  PR/49185: Conrad Meyer: strvisx: Handle zero-length input strings
  gracefully.  (don't abuse 0 to mean compute string length internally)

  PR:		193447
  Submitted by:	Conrad Meyer <conrad.meyer@isilon.com>

Changes:
_U  stable/9/contrib/libc-vis/
  stable/9/contrib/libc-vis/vis.c
Comment 14 Brooks Davis freebsd_committer 2014-10-21 16:45:06 UTC
Merges complete, MFC metadata corrected.