https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=288321
Lewis Donzis <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #3 from Lewis Donzis <[email protected]> --- (In reply to Konstantin Belousov from comment #1) I don't think it's legitimate for the length to exceed the length of the buffer. It may work in some implementations (including the optimized amd64 variant) but it would be poor practice to depend on that. Our own non-optimized C implementation (/usr/src/lib/libc/string/memrchr.c) searches backwards from the specified length and, in your example, would likely crash or, perhaps worse, provide an incorrect result, potentially far beyond the end of the buffer. -- You are receiving this mail because: You are the assignee for the bug.
