Page MenuHomeFreeBSD

Another try at fixing Coverity 1008328 in /bin/sh
ClosedPublic

Authored by truckman on May 25 2016, 2:00 AM.
Tags
None
Referenced Files
F108160307: D6552.diff
Wed, Jan 22, 1:03 AM
Unknown Object (File)
Fri, Jan 17, 5:40 PM
Unknown Object (File)
Sat, Jan 11, 3:44 PM
Unknown Object (File)
Dec 1 2024, 9:23 PM
Unknown Object (File)
Nov 28 2024, 10:28 PM
Unknown Object (File)
Nov 20 2024, 2:45 PM
Unknown Object (File)
Nov 20 2024, 2:42 PM
Unknown Object (File)
Sep 27 2024, 10:28 AM
Subscribers

Details

Reviewers
jilles
cem
Commits
rS301571: MFC r301139
Summary

The final possible iteration of the for loop is with i = 126
since the test at the top of the loop is i < PROMPTLEN - 1.
If we take the default case of the switch that handles
*fmt == '\\', we will always take the true branch of the
if (i < PROMPTLEN - 1). That will increment i to 127, and
when we jump back to the top of the loop, i will get incremented
to 128 and we will overflow the ps[] array when storing the
final NUL. Fix this by changing the test in the default case
to (i < PROMPTLEN - 2).

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

truckman retitled this revision from to Another try at fixing Coverity 1008328 in /bin/sh.
truckman updated this object.
truckman edited the test plan for this revision. (Show Details)
truckman added reviewers: jilles, cem.
cem edited edge metadata.
This revision is now accepted and ready to land.May 25 2016, 2:08 AM
This revision was automatically updated to reflect the committed changes.