This happens when there's only one component (e.g. "/foo"). This bug
has been present since June 6, 1990 when it was committed to mountd.c
SCCS version 5.9.
Details
Diff Detail
- Repository: rS FreeBSD src repository - subversion
- Lint: Not Applicable
- Unit Tests: Not Applicable
Event Timeline
| usr.sbin/mountd/mountd.c | | |
|---|---|---|
| 3158 | (On Diff #74764) | I might swap this one too for visual consistency. No functional difference, I think. |
I concur with the proposed change and also agree that cem's suggestion is a good one.
Revision control history is such an ugly reminder of one's fallibility :-)
Looks fine to me too.
And I see that I can't blame Herb Hasler (the guy who wrote mountd.c when
he was working for me long ago). (Btw, I got email from Herb recently.
He's doing fine, living in TN these days.)
So, just out of curiosity, did this actually cause a crash or was it detected by some debugging
in malloc() or ???
With CHERI (cheri-cpu.org) this causes a crash as pointers have hardware-enforced bounds. This is pretty typical of the sort of long-standing bug we're finding. I found a similar one in tcsh a few years ago where hitting <tab> on an empty command line read a byte before the beginning of a string.
I'll make cem's suggested change before commit.