MIAOW Miao <[email protected]> wrote: >>>> if ((*ep)[nl] == '=' && strncmp (*ep, v->name, nl) == 0)
Henrik Carlqvist (Tue, 16 Jan 2024 06:59:30 +0000) wrote: >>> Looking at that line, the rather obvious fix would be to change it to: >>> >>> if (strncmp (*ep, v->name, nl) == 0 && (*ep)[nl] == '=') >>> >>> That way, *ep can be no shorter than having \0 at position nl and >>> accessing that position should not cause any segfault. On Tue, 16 Jan 2024 20:53:19 +0200 Eli Zaretskii <[email protected]> wrote: >> But it's less efficient when the (*ep)[nl] == '=' test fails. Henrik Carlqvist (17 January 2024 07:24) wrote: > Yes, that is true, but to avoid a possible segfault it is necessary to > somehow check that (*ep)[nl] is a valid address. The current fix at > https://savannah.gnu.org/bugs/index.php?65172 also works fine, but > also that fix might be even less efficient as strlen will read every > char up to and including \0 in *ep. or, to look at it another way, you can't legally access (*ep)[nl] until you've looked at every (*ep)[i] for 0 <= i < nl, since if any of those is '\0' then the memory segment you're allowed to access might end before (*ep)[nl], making it an invalid memory access. Henrik's proposed fix Does The Right Thing and is cleaner than the current proposed fix, Eddy.
