This is the mail archive of the
mailing list for the GCC project.
Re: [PATCH] libjava/classpath/native/jni/java-lang/java_lang_VMProcess.c: Be sure 'errbuf' always be zero terminated.
- From: Chen Gang <gang dot chen dot 5i5j at gmail dot com>
- To: Jeff Law <law at redhat dot com>, tromey at redhat dot com, mckinlay at redhat dot com, aph at redhat dot com, per at bothner dot com, tromey at redhat dot com
- Cc: gcc-patches at gcc dot gnu dot org
- Date: Wed, 30 Jul 2014 23:01:30 +0800
- Subject: Re: [PATCH] libjava/classpath/native/jni/java-lang/java_lang_VMProcess.c: Be sure 'errbuf' always be zero terminated.
- Authentication-results: sourceware.org; auth=none
- References: <53D63F19 dot 4050405 at gmail dot com> <53D7313C dot 8080203 at gmail dot com>
Next, I shall stop making this kind of patch. The reason is that I worry
that what I have done has a negative effect on others. And next, I shall
try to send other kinds of patches for gcc when I have time.
Many persons or companies use open source who never give thanks or
contributions back to open source. But open source (especially
fundamental software) still provides common contributions to the outside.
What I have done is only a contribution back to open source, so I can
understand non-reply from open source (at least, it is not an excuse
to let myself stop). But what I worry about is whether I bother others.
On 07/29/2014 01:29 PM, Chen Gang wrote:
> Hello All:
> There is a simple way of finding these kinds of issues (issues may not be
> bugs); one sample, for 'strncpy' (the same way for sprintf, strcpy,
> memcpy ...):
> - grep strncpy in all source code.
> - and then check each one by one.
> - at present, I have finished checking about 30% for strncpy.
> There are also other ways of finding trivial patches (e.g. how to find
> resource leaks when failure occurs, ...).
> If these kinds of trivial patches only bother most members,
> please let me know, and next, I shall not send these kinds of patches.
> On 07/28/2014 08:16 PM, Chen Gang wrote:
>> 'errbuf' assumes it will be zero terminated, and it also assumes
>> cpnative_getErrorString() may get a string of larger length than 'errbuf'.
>> So after strncpy(), 'errbuf' may not be zero terminated.
>> strncpy() is sure to zero pad, but is not sure to zero terminate.
>> Signed-off-by: Chen Gang <email@example.com>
>> libjava/classpath/native/jni/java-lang/java_lang_VMProcess.c | 1 +
>> 1 file changed, 1 insertion(+)
>> diff --git a/libjava/classpath/native/jni/java-lang/java_lang_VMProcess.c b/libjava/classpath/native/jni/java-lang/java_lang_VMProcess.c
>> index a6076f2..0972a5e 100644
>> --- a/libjava/classpath/native/jni/java-lang/java_lang_VMProcess.c
>> +++ b/libjava/classpath/native/jni/java-lang/java_lang_VMProcess.c
>> @@ -210,6 +210,7 @@ Java_java_lang_VMProcess_nativeSpawn (JNIEnv * env, jobject this,
>> if (err != 0)
>> strncpy(errbuf, cpnative_getErrorString (err), sizeof(errbuf));
>> + errbuf[sizeof(errbuf) - 1] = '\0';
>> goto system_error;
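Review bot: The terminator added after the strncpy() call fixes the unterminated case, but the truncation of the error string stays silent and the intent is undocumented; add a short comment above `errbuf[sizeof(errbuf) - 1] = '\0';` saying the message may be cut to fit, or replace both statements with one `snprintf(errbuf, sizeof(errbuf), "%s", cpnative_getErrorString (err));`, which always terminates. As displayed, no braces are visible after `if (err != 0)`; confirm in the full file that the strncpy(), the new assignment and `goto system_error;` all sit inside one braced block, so the goto stays conditional.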
Open share and attitude like air water and life which God blessed
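
The strncpy() behaviour the commit message describes (zero padding, but no guaranteed terminator), as an added C example that is not part of the original mail or of libjava. The buffer size, the messages and the function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define ERRBUF_SIZE 16  /* constructed size, not the one used in libjava */

/* Returns 1 if buf contains a '\0' within its first size bytes, else 0. */
static int is_terminated(const char *buf, size_t size)
{
    return memchr(buf, '\0', size) != NULL;
}

/* Pre-patch pattern: strncpy() alone. It zero-pads when src is short, but
   writes no terminator when strlen(src) >= size. Returns is_terminated(). */
static int copy_unpatched(char *dst, size_t size, const char *src)
{
    memset(dst, 'X', size);  /* stand-in for stale stack contents */
    strncpy(dst, src, size);
    return is_terminated(dst, size);
}

/* Patched pattern: strncpy() plus an explicit terminator in the last byte.
   Returns 1 if src was truncated to fit, 0 if it fit completely. */
static int copy_patched(char *dst, size_t size, const char *src)
{
    memset(dst, 'X', size);
    strncpy(dst, src, size);
    dst[size - 1] = '\0';
    return strlen(src) >= size;
}

int main(void)
{
    char errbuf[ERRBUF_SIZE];
    const char *short_msg = "No such file";                     /* 12 chars */
    const char *long_msg = "Resource temporarily unavailable";  /* 32 chars */

    printf("unpatched, short: terminated=%d\n",
           copy_unpatched(errbuf, sizeof(errbuf), short_msg));
    printf("unpatched, long:  terminated=%d\n",
           copy_unpatched(errbuf, sizeof(errbuf), long_msg));
    /* errbuf is not a C string here; passing it to "%s" would over-read. */
    printf("patched, long:    truncated=%d\n",
           copy_patched(errbuf, sizeof(errbuf), long_msg));
    printf("patched result:   \"%s\"\n", errbuf);
    return 0;
}
```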