In article <87r8cfxa17.fsf@egil.codesourcery.com>,
Zack Weinberg <zack@codesourcery.com> writes:
The validation routines may skip into a region of memory
completely unrelated to the one it should be processing...
I'm confused. Why is validate_switches walking past the end of the
array in the first place?
Without a patch, it unconditionally bumps the pointer returned from
recursive calls to itself.
validate_switches ([...])
{
  [...]
  while ([...])
    {
      [...]
      p = validate_switches (p+1);
      [...]
      p++;
    }
  [...]
  return p;
}
Any particular call to validate_switches() could return a pointer
resting on the '\0' terminator of the input spec. In conjunction, it
has the ability to backtrack to the start of the function.
  if (p[-1] == [...])
    goto next_member;
I *think* you are saying we should need only one '\0' terminator, and
that's what your patch accomplishes.
There is no published statement of how many we need. Requiring more
than one is non-conventional IMHO.
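
The pattern described in this message, as an added example that is not part of the original post and is not the code under discussion: a toy recursive walker over nested "{...}" groups, with the unconditional pointer bump beside a guarded form. The names walk_group, end_offset, TRUNCATED and WELL_FORMED and the toy grammar are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed input: an unterminated nested group, followed in the same
   array by bytes standing in for unrelated memory after the '\0'. */
static const char TRUNCATED[] = "{a{b" "\0" "UNRELATED}}";
static const char WELL_FORMED[] = "{a{b}c}";

/* Walk one "{...}" group; p points just past its '{'.
   Returns a pointer to the closing '}', or to '\0' if the input ends early. */
static const char *walk_group(const char *p, int guarded)
{
    while (*p != '}' && *p != '\0') {
        if (*p == '{') {
            /* The recursive call may come back resting on the terminator. */
            p = walk_group(p + 1, guarded);
            if (guarded && *p == '\0')
                return p;       /* guarded form: never step over '\0' */
        }
        p++;                    /* unguarded form: bumps even past '\0' */
    }
    return p;
}

/* Offset at which the walk of the outermost group stopped. */
static size_t end_offset(const char *spec, int guarded)
{
    return (size_t)(walk_group(spec + 1, guarded) - spec);
}

int main(void)
{
    printf("string length      : %zu\n", strlen(TRUNCATED));
    printf("guarded stops at   : %zu\n", end_offset(TRUNCATED, 1));
    printf("unguarded stops at : %zu\n", end_offset(TRUNCATED, 0));
    printf("well-formed, both  : %zu %zu\n",
           end_offset(WELL_FORMED, 1), end_offset(WELL_FORMED, 0));
    return 0;
}
```

The trailing bytes are placed inside the same array so the unguarded walk stays within a defined object; with a real string the same walk would read whatever follows the terminator.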