[prev in list] [next in list] [prev in thread] [next in thread]
List: busybox
Subject: Re: [BusyBox] [PATCH] cmdedit reads past end of completion strings
From: "Vladimir N. Oleynik" <dzo () simtreas ! ru>
Date: 2004-09-29 7:45:13
Message-ID: 415A6809.5010802 () simtreas ! ru
[Download RAW message or body]
Elliot,
>>1 for (tmp1 = tmp; *tmp1; tmp1++) {
>>2 for (len_found = 1; len_found < num_matches; len_found++) {
>>3 if (matches[len_found][(tmp1 - tmp)] != *tmp1) {
>>4 *tmp1 = 0;
>>5 break;
>> }
>> }
>>}
>
>
> Actually, if I understand this correctly, the purpose of Line 4 is to
> put a '\0' into the string, to mark the point at which the common prefix to
> all possible completions ends.
>
> Line 4 doesn't set the terminating condition for the outer loop, since
> tmp1 is incremented before the condition is tested, and points to the
> character _after_ the one that was set to '\0'.
Yes. But *tmp1 have != '\0' with loop and if *tmp1 = 0 setted, then
tmp stay have double zero without memory overflow.
Your patch is broken.
My this lines is find minimal eq a prefix,
if the prefix is zero, then we must free a temporary string.
--w
vodz
_______________________________________________
busybox mailing list
busybox@mail.busybox.net
http://codepoet.org/mailman/listinfo/busybox
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic