-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 According to Eric Blake on 5/26/2009 6:56 AM: > Yes, adding to the test is a good first step, and we can use the feedback > to decide how much else we might need to do. Is the bug also present in > gnulib's strstr replacement?
To answer my own question: http://www.alphalinux.org/archives/axp-list/March2001/0337.shtml It looks like the bug is alpha-specific in memchr, which means it will manifest itself with gnulib's strstr, as well as in anything else that uses memchr to search for a trailing \0 with a length longer than the allocated memory, if we don't replace the broken memchr implementation. In other words, even code like vasnprintf.c is also suspect, because it uses memchr(,\0,) under the hood for %.*s. - -- Don't work too hard, make some time for fun as well! Eric Blake e...@byu.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Cygwin) Comment: Public key at home.comcast.net/~ericblake/eblake.gpg Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkob7QQACgkQ84KuGfSFAYALgwCeONMrRB7UyEbuK4p6DVMcuedh CAAAoIFNiaXf9uox427wVOoNJvSyMYjp =uQSY -----END PGP SIGNATURE-----
