
[adding bug-gnulib]

On 05/18/2011 11:07 AM, Daniel P. Berrange wrote:
strerror_r() is free to not set any error string, if the passed errno is not valid. It may, however, still return a pointer to the original passed-in buffer. This results in random garbage from the stack being present as the error string.
Indeed. However, I'm inclined to NACK the libvirt patch, because:

Right now, gnulib guarantees that strerror() always gives a useful result (non-empty string for all errno values, even though POSIX allows an empty string), but the strerror_r-posix module is not making those same guarantees. Therefore, I argue that this is a bug in gnulib. We should be changing the strerror_r-posix module to guarantee sane behavior, rather than just bare-minimum compliance, even if that means replacing strerror_r on a few more platforms.
+++ b/src/util/virterror.c @@ -1267,9 +1267,13 @@ const char *virStrerror(int theerrno, char *errBuf, size_t errBufLen) int save_errno = errno; const char *ret;
+ memset(errBuf, 0, errBufLen);
That's a bit time-consuming, especially if errBufLen is MUCH bigger than the message to be printed. It would suffice to simply do *errbuf=0.
strerror_r(theerrno, errBuf, errBufLen); ret = errBuf; errno = save_errno; + + if (ret[0] == '\0') + strncpy(errBuf, _("Unknown errno"), errBufLen); return ret; }
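Review bot: the fallback strncpy(errBuf, _("Unknown errno"), errBufLen) at the end of the hunk leaves errBuf without a terminating NUL whenever errBufLen is less than or equal to the length of the translated string, so the function can still return an unterminated buffer, which is the same class of problem the patch sets out to fix. The ret[0] == '\0' test just before it also reads a byte that is not there when errBufLen is 0. Suggest returning early (or returning a static string) for errBufLen == 0 and forcing termination after the copy with errBuf[errBufLen - 1] = '\0'. The return value of strerror_r() is still ignored in the visible lines; checking it would let the fallback trigger on a reported failure rather than only on an empty buffer.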
-- Eric Blake eblake@redhat.com +1-801-349-2682 Libvirt virtualization library http://libvirt.org
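A defensive wrapper along the lines discussed in this thread, as an added example that is not code from libvirt, gnulib or either poster: it pre-terminates the buffer with a single store, handles both the XSI (int) and GNU (char *) strerror_r() variants via C11 _Generic, and never hands back an unterminated string. The names safe_strerror, from_xsi and from_gnu, the fallback text, and the errno value 1234567 are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* ask for strerror_r() if nothing has yet */
#endif
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* All names here are hypothetical, not libvirt or gnulib API. */

/* XSI variant returns int; the message, if any, is already in buf. */
static void from_xsi(int rc, char *buf, size_t len)
{
    (void)rc; (void)buf; (void)len;
}

/* GNU variant returns char *, possibly a static string outside buf. */
static void from_gnu(char *msg, char *buf, size_t len)
{
    if (msg != NULL && msg != buf)
        snprintf(buf, len, "%s", msg);   /* truncating, terminating copy */
}

/* Returns a NUL-terminated message; non-empty whenever len >= 2. */
const char *safe_strerror(int err, char *buf, size_t len)
{
    int saved = errno;

    if (buf == NULL || len == 0)
        return "Unknown errno";          /* nothing writable, never read buf[0] */
    buf[0] = '\0';                       /* one store instead of memset() */
    /* _Generic inspects only the type, so strerror_r() runs exactly once. */
    _Generic(strerror_r(err, buf, len), int: from_xsi, char *: from_gnu)
        (strerror_r(err, buf, len), buf, len);
    buf[len - 1] = '\0';                 /* terminate even if libc did not */
    if (buf[0] == '\0')                  /* libc wrote nothing: fall back */
        snprintf(buf, len, "Unknown errno %d", err);
    errno = saved;
    return buf;
}

int main(void)
{
    char buf[64];
    puts(safe_strerror(ENOENT, buf, sizeof buf));
    puts(safe_strerror(1234567, buf, sizeof buf));   /* constructed invalid errno */
    return 0;
}
```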