This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.
libobjc/9751: malloc of strlen, not strlen+1
- From: john dot carter at tait dot co dot nz
- To: gcc-gnats at gcc dot gnu dot org
- Date: 19 Feb 2003 03:43:49 -0000
- Subject: libobjc/9751: malloc of strlen, not strlen+1
- Reply-to: john dot carter at tait dot co dot nz
>Number: 9751
>Category: libobjc
>Synopsis: malloc of strlen, not strlen+1
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: unassigned
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Feb 19 03:46:00 UTC 2003
>Closed-Date:
>Last-Modified:
>Originator: john.carter@tait.co.nz
>Release: gcc-3.2.2
>Organization:
>Environment:
all
>Description:
In file /gcc-3.2.1/libobjc/gc.c line 415 there is the following (possibly buggy?) code...
/* The variable is gc_invisible and we have to reverse it */
new_type = objc_atomic_malloc (strlen (ivar->ivar_type));
strncpy (new_type, ivar->ivar_type,
(size_t)(type - ivar->ivar_type));
strcat (new_type, type + 1);
ivar->ivar_type = new_type;
Probably that should be malloc(strlen()+1) for the null. Also strncpy is a fugly beast that almost always doesn't do what you want, i.e. will there always be a null termination in the right place for the following strcat()?
>How-To-Repeat:
Found using my collection of Perl regexes for finding standard "gotchas".
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
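The pattern quoted in the report, reproduced as an added example (this is not libobjc's code; the type string "ab!cd" and its '!' marker byte are constructed for illustration, and `marker` stands for the report's `type - ivar->ivar_type`). The buggy copy is run on a buffer we own, so the effect of the unterminated prefix is observable without undefined behaviour: the bytes strcat() walks over end up in the result, and the suffix lands past the emulated block. Beside it is a version that copies with memcpy() and writes the terminator itself. Two points for whoever triages the report: strncpy(dst, src, n) writes a NUL only when it exhausts src before reaching n, which never happens when n is the length of a proper prefix, so the following strcat() scans whatever the allocator left behind; and because the rewrite drops exactly one byte, strlen(ivar_type) bytes is precisely enough for the result once the prefix is terminated, so the terminator, not the +1, is the missing piece.

```c
/* Added example, not libobjc's code: the strncpy()/strcat() pattern from the
 * report, emulated on memory we control, next to a corrected version.
 * `marker` is the index of the single byte to drop from `s`. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PAD 32 /* bytes of emulated "neighbouring heap" watched for stray writes */

/* Emulates the quoted code. The first strlen(s) bytes of a static buffer stand
 * for the block objc_atomic_malloc() returned, pre-filled with 'X' in place of
 * whatever the allocator left there. PAD poisoned bytes follow, standing for
 * the memory after the block; the first of them is a NUL, the nearest place
 * strcat()'s scan could stop in this emulation. Returns how many bytes past
 * the block changed value (the overflow), or (size_t)-1 if the input does not
 * fit the emulation. *result receives the string the buggy code produced. */
size_t buggy_strip_marker(const char *s, size_t marker, const char **result)
{
    static char heap[64 + PAD];
    char before[PAD];
    size_t n = strlen(s);
    if (marker >= n || n + PAD > sizeof heap || strlen(s + marker + 1) + 1 > PAD)
        return (size_t)-1;
    memset(heap, 'X', n);          /* uninitialised block contents */
    memset(heap + n, 0xAA, PAD);   /* poison for the memory after the block */
    heap[n] = '\0';                /* first NUL beyond the block */
    memcpy(before, heap + n, PAD);

    strncpy(heap, s, marker);      /* marker < strlen(s): no NUL is ever written */
    strcat(heap, s + marker + 1);  /* scans through the 'X's to heap[n], then writes */

    size_t over = 0;
    for (size_t i = 0; i < PAD; i++)
        if (heap[n + i] != before[i])
            over++;                /* note: a NUL written onto heap[n] is invisible here */
    if (result)
        *result = heap;
    return over;
}

/* Corrected version: copy prefix and suffix with memcpy() and terminate the
 * result explicitly. The output has strlen(s) - 1 characters plus a NUL, so
 * strlen(s) bytes is exactly enough and nothing reads uninitialised memory.
 * Returns NULL for a marker outside the string or on allocation failure;
 * the caller frees the result. */
char *strip_marker(const char *s, size_t marker)
{
    size_t n = strlen(s);
    if (marker >= n)
        return NULL;
    char *out = malloc(n);         /* n - 1 characters + terminating NUL */
    if (!out)
        return NULL;
    memcpy(out, s, marker);
    memcpy(out + marker, s + marker + 1, n - marker - 1);
    out[n - 1] = '\0';
    return out;
}

int main(void)
{
    const char *junk = NULL;
    size_t over = buggy_strip_marker("ab!cd", 2, &junk);   /* constructed input */
    printf("buggy: \"%s\" (%zu byte(s) changed past the block)\n", junk, over);
    char *fixed = strip_marker("ab!cd", 2);
    printf("fixed: \"%s\"\n", fixed ? fixed : "(null)");
    free(fixed);
    return 0;
}
```

Running it shows the buggy path producing "abXXXcd" with 3 bytes changed beyond the emulated block (the suffix plus its terminator), while the corrected path yields "abcd" in exactly strlen("ab!cd") bytes. Under a real allocator the scan in strcat() stops wherever the nearest NUL happens to be, so the damage is both larger and nondeterministic; AddressSanitizer or valgrind flags the original pattern as a read of uninitialised memory followed by a heap overflow.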