capsel wrote:

Hi all,

is it a bug in glibc or in my code?

This is so far off topic, it isn't even funny. But, I see a couple bugs in your code. I will cover them inline:

        if( ( config_content == NULL ) || ( config_content==0 ) )

Not really a bug here, but since NULL and 0 are the same value, you only need one side of the comparison.

        *(lines) = config_content;
        for( i = 0; i < config_contentl; i++ )
        {
                if( *(config_content+i) == '\n' )
                {
                        lines = (char**) realloc( lines, sizeof( char** )*(linesc+1) );
                        if( lines == NULL )
                        {
                                fprintf( logi, "=> Błąd alokacji\n" );
                                return 0;
                        }
                        linesc++;
                        *(lines+linesc) = (config_content+i+1);
                        *(config_content+i) = '\0';
                        printf( "-> linesc++\n" );
                }
        }

There is a possible off-by-one error for linesc if config_content does not end with a newline. For example, consider a config file with a single line that does not end with a newline. In that case, linesc will be 0 in your code, and you will not process anything.

I suggest setting linesc = 1 before the loop, and then adjust the internals appropriately.

        fprintf( stdout, "-> linesc = %u\n", linesc );
        for( i = 0; i < linesc; i++ )
        {
                if( *(*(lines+i)) == '#' )
                {
                        continue;
                }

Again, not a bug, but a readability recommendation. Use a temporary variable inside your loop for the current line:

char* line = lines[i];

Then replace all "*(lines+i)" with "line".

                if( strcmp( "log", *(lines+i) ) == 0 )
                {
                        config_configpathl = strlen( eqch+1 );
                        config_configpath = (char*) malloc( config_configpathl );
                        if( config_configpath == NULL )
                        {
                                fprintf( logi, "=> Błąd alokacji pamięci na nazwe pliku loga dla linii %i\n",i );
                                free( lines );
                                return 0;
                        }
                        strcpy( config_configpath, eqch+1 );
                        fprintf( stdout, "-> log = `%s'\n", eqch+1 );
                        continue;
                }

This is your major bug, a memory overflow. You are only allocating enough memory for the characters of the string, not including the terminating null character. Strcpy copies the characters of the string, _plus_ the terminating null, which is where you get a memory overflow.

Get rid of config_configpathl and the strlen line, and replace the malloc and strcpy with strdup().

-Richard

--
gentoo-user@gentoo.org mailing list
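
Added example, not part of the original message or of capsel's program: a C sketch of the two fixes suggested in the reply above, counting lines from 1 so a final line without a newline is still processed, and copying the value into strlen + 1 bytes (the size strdup() allocates). The names split_lines and dup_value and the sample config text are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Split NUL-terminated buf in place on '\n'. The count starts at 1, so a
 * last line with no trailing newline is kept. Returns NULL on failure. */
static char **split_lines(char *buf, size_t len, size_t *count)
{
    char **lines = malloc(sizeof *lines);
    if (lines == NULL) return NULL;
    lines[0] = buf;
    *count = 1;
    for (size_t i = 0; i < len; i++) {
        if (buf[i] != '\n') continue;
        buf[i] = '\0';
        if (i + 1 == len) break;            /* trailing newline: no new line */
        char **tmp = realloc(lines, sizeof *lines * (*count + 1));
        if (tmp == NULL) { free(lines); return NULL; }
        lines = tmp;
        lines[(*count)++] = buf + i + 1;    /* index is within the new size */
    }
    return lines;
}

/* Heap copy of the text after '=' (NULL if there is no '='). The buffer is
 * len + 1 bytes so the terminating null fits, as strdup() would allocate. */
static char *dup_value(const char *line)
{
    const char *eq = strchr(line, '=');
    if (eq == NULL) return NULL;
    size_t len = strlen(eq + 1);
    char *copy = malloc(len + 1);
    if (copy != NULL) memcpy(copy, eq + 1, len + 1);
    return copy;
}

int main(void)
{
    /* Constructed sample config; note there is no trailing newline. */
    char cfg[] = "# constructed sample\nlog=/var/log/app.log";
    size_t n = 0;
    char **lines = split_lines(cfg, strlen(cfg), &n);
    if (lines == NULL) return 1;
    for (size_t i = 0; i < n; i++) {
        char *line = lines[i];
        if (line[0] == '#') continue;
        char *val = dup_value(line);
        if (val != NULL) printf("-> value = `%s'\n", val);
        free(val);
    }
    free(lines);
    return 0;
}
```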
