From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gdb-patches-return-78859-listarch-gdb-patches=sources.redhat.com@sourceware.org>
Received: (qmail 15413 invoked by alias); 28 Feb 2011 18:17:44 -0000
Received: (qmail 15404 invoked by uid 22791); 28 Feb 2011 18:17:43 -0000
X-SWARE-Spam-Status: No, hits=-4.9 required=5.0	tests=AWL,BAYES_00,RCVD_IN_DNSWL_HI,TW_BJ,TW_CP,T_RP_MATCHES_RCVD
X-Spam-Check-By: sourceware.org
Received: from smtp-outbound-1.vmware.com (HELO smtp-outbound-1.vmware.com) (65.115.85.69)    by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Mon, 28 Feb 2011 18:17:39 +0000
Received: from mailhost4.vmware.com (mailhost4.vmware.com [10.16.67.124])	by smtp-outbound-1.vmware.com (Postfix) with ESMTP id 12F291303E;	Mon, 28 Feb 2011 10:17:38 -0800 (PST)
Received: from msnyder-server.eng.vmware.com (promd-2s-dhcp138.eng.vmware.com [10.20.124.138])	by mailhost4.vmware.com (Postfix) with ESMTP id 0E021C9F70;	Mon, 28 Feb 2011 10:17:38 -0800 (PST)
Message-ID: <4D6BE6C1.7050502@vmware.com>
Date: Mon, 28 Feb 2011 18:27:00 -0000
From: Michael Snyder <msnyder@vmware.com>
User-Agent: Thunderbird 2.0.0.24 (X11/20101201)
MIME-Version: 1.0
To: Pedro Alves <pedro@codesourcery.com>
CC: "gdb-patches@sourceware.org" <gdb-patches@sourceware.org>
Subject: Re: [commit] objc-lang.c: avoid string overrun
References: <4D6B0553.6010803@vmware.com> <201102280951.19458.pedro@codesourcery.com>
In-Reply-To: <201102280951.19458.pedro@codesourcery.com>
Content-Type: text/plain; charset=iso-8859-15; format=flowed
Content-Transfer-Encoding: 7bit
X-IsSubscribed: yes
Mailing-List: contact gdb-patches-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <gdb-patches.sourceware.org>
List-Subscribe: <mailto:gdb-patches-subscribe@sourceware.org>
List-Archive: <http://sourceware.org/ml/gdb-patches/>
List-Post: <mailto:gdb-patches@sourceware.org>
List-Help: <mailto:gdb-patches-help@sourceware.org>, <http://sourceware.org/ml/#faqs>
Sender: gdb-patches-owner@sourceware.org
X-SW-Source: 2011-02/txt/msg00926.txt.bz2

Pedro Alves wrote:
> On Monday 28 February 2011 02:15:47, Michael Snyder wrote:
>>         {
>> -         strcpy(myregexp, regexp);
>> +         strncpy(myregexp, regexp, sizeof (myregexp) - 1);
> 
> Such fixes ain't that much better.  At the bare least, you'd
> need to null terminate the result, as strncpy does not do that
> for you if REGEXP is large enough --- strncpy was not
> designed as a safe strcpy.  And then proceeding as if nothing
> happened when `myregexp' isn't large enough is just b0rked.
> 
>>           if (myregexp[strlen(myregexp) - 1] == '$') /* end of selector */
>>             myregexp[strlen(myregexp) - 1] = ']';    /* end of method name */
> 

Yes, Jan provided a more complete fix.