Re: [PATCH] libjava/classpath/native/jni/java-lang/java_lang_VMProcess.c: Be sure 'errbuf' always be zero terminated.

[Chen Gang <gang dot chen dot 5i5j at gmail dot com>]

Hello All:

It is a simple way for finding these kinds of issues (issues may not be
bugs), one sample for 'strncpy' (the same way for sprintf, strcpy,
memcpy ...):

 - grep strncpy in all source code.

 - and then check each one by one.

 - at present, I have finish check about 30% for strncpy.

Also have another ways for finding trivial patches (e.g. how to find
resource leak when failure occurs, ...).

If these kinds of trivial patches are only bother most of members,
please let me know, and next, I shall not send this kinds of patches.


Thanks.

On 07/28/2014 08:16 PM, Chen Gang wrote:
> 'errbuf' assumes itself will be zero terminated, and it also assumes
> cpnative_getErrorString() may get larger length string than 'errbuf'.
> So after strncpy(), 'errbuf' may not be zero terminated.
> 
> strncpy() is sure of zero pad, but not be sure of zero terminated.
> 
> 
> Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com>
> ---
>  libjava/classpath/native/jni/java-lang/java_lang_VMProcess.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/libjava/classpath/native/jni/java-lang/java_lang_VMProcess.c b/libjava/classpath/native/jni/java-lang/java_lang_VMProcess.c
> index a6076f2..0972a5e 100644
> --- a/libjava/classpath/native/jni/java-lang/java_lang_VMProcess.c
> +++ b/libjava/classpath/native/jni/java-lang/java_lang_VMProcess.c
> @@ -210,6 +210,7 @@ Java_java_lang_VMProcess_nativeSpawn (JNIEnv * env, jobject this,
>    if (err != 0)
>      {
>        strncpy(errbuf, cpnative_getErrorString (err), sizeof(errbuf));
> +      errbuf[sizeof(errbuf) - 1] = '\0';
>        goto system_error;
>      }
>  
> 

-- 
Chen Gang

Open, share, and attitude like air, water, and life which God blessed