This is the mail archive of the mailing list for the GCC project.


libobjc/9751: malloc of strlen, not strlen+1

>Number:         9751
>Category:       libobjc
>Synopsis:       malloc of strlen, not strlen+1
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    unassigned
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Feb 19 03:46:00 UTC 2003
>Release:        gcc-3.2.2
In file /gcc-3.2.1/libobjc/gc.c, line 415, there is the following (possibly buggy?) code...

	  /* The variable is gc_invisible and we have to reverse it */
	  new_type = objc_atomic_malloc (strlen (ivar->ivar_type));
	  strncpy (new_type, ivar->ivar_type,
		   (size_t)(type - ivar->ivar_type));
	  strcat (new_type, type + 1);
	  ivar->ivar_type = new_type;

Probably that should be malloc(strlen()+1) for the null. Also strncpy is a fugly beast that almost always doesn't do what you want, i.e. will there always be a null termination in the right place for the following strcat()?
Found using my collection of Perl regexes for finding standard "gotchas".
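Added illustration (not libobjc code and not from the report): the reported snippet beside a hardened rewrite that sizes the buffer as strlen()+1 and writes the terminator itself instead of relying on strncpy(). The marker character '!' and the sample type strings are constructed; the real gc.c decides the marker position elsewhere and only the removal step is shown.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Shape of the reported code, kept only for comparison and never called:
 * strncpy() with the prefix length writes no terminator, so strcat() has
 * to scan uninitialized bytes looking for one, and the strlen()-sized
 * buffer has no room for the extra byte the report asks for. */
char *strip_marker_as_reported(const char *ivar_type, const char *type)
{
    char *new_type = malloc(strlen(ivar_type));               /* no +1 */
    strncpy(new_type, ivar_type, (size_t)(type - ivar_type)); /* no NUL written */
    strcat(new_type, type + 1);                               /* reads past prefix */
    return new_type;
}

/* Hardened form: 'type' must point at the one-character marker inside
 * ivar_type.  Returns a new NUL-terminated copy with that character removed,
 * or NULL on a bad pointer or allocation failure. */
char *strip_marker(const char *ivar_type, const char *type)
{
    size_t total = strlen(ivar_type);
    size_t prefix;
    char *new_type;
    if (type < ivar_type || (size_t)(type - ivar_type) >= total)
        return NULL;                        /* marker is not inside the string */
    prefix = (size_t)(type - ivar_type);
    new_type = malloc(total + 1);           /* strlen()+1, as the report suggests */
    if (new_type == NULL)
        return NULL;
    memcpy(new_type, ivar_type, prefix);                     /* bytes before marker */
    memcpy(new_type + prefix, type + 1, total - prefix - 1); /* bytes after marker */
    new_type[total - 1] = '\0';             /* explicit terminator, not strncpy's */
    return new_type;
}

/* Helper: strip the first '!' from 'in' and report whether the result
 * equals 'expect'.  Returns 0 when there is no marker or the copy failed. */
int strip_marker_matches(const char *in, const char *expect)
{
    char *out = strip_marker(in, strchr(in, '!'));   /* strchr NULL -> rejected */
    int ok = out != NULL && strcmp(out, expect) == 0;
    free(out);
    return ok;
}

int main(void)
{
    const char *sample = "^!i";   /* constructed: '!' stands in for the marker */
    printf("%s -> %s\n", sample, strip_marker_matches(sample, "^i") ? "^i" : "error");
    return 0;
}
```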
