
On Thu, Apr 24, 2008 at 10:01:29PM +0200, Jim Meyering wrote:
"Daniel P. Berrange" <berrange@redhat.com> wrote:
static const char needle[] = "char device redirected to"; char *tmp;
- if (!(tmp = strstr(haystack, needle))) + /* First look for our magic string */ + if (!(tmp = strstr(haystack + *offset, needle))) return -1;
+ /* Grab all the trailing data */ strncpy(path, tmp+sizeof(needle), pathmax-1);
That should be sizeof(needle)-1. Otherwise, if someone nasty gave you input ending with "char device redirected to", the strncpy above would start reading just past the NUL at the end of "haystack".
Fixed this.
path[pathmax-1] = '\0';
- while (*path) { - /* - * The monitor path ends at first whitespace char - * so lets search for it & NULL terminate it there - */ - if (isspace(*path)) { - *path = '\0'; + /* + * And look for first whitespace character and nul terminate + * to mark end of the pty path + */ + tmp = path; + while (*tmp) { + if (isspace(*tmp)) {
Since "tmp" has type "char", this causes trouble in an environment where "char" is a signed type. When *tmp is larger than 127, it gets sign-extended, and isspace can misbehave on the large negative number (isspace is not defined for such values). Instead, do it like this:
if (isspace(*(unsigned char *)tmp)) {
or better, using the to_uchar function (from coreutils):
if (isspace(to_uchar(tmp))) {
Fixed this when merging with your to_uchar() changes. Dan. -- |: Red Hat, Engineering, Boston -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|