[BusyBox] Five copies of syslog

Tomi Ollila Tomi.Ollila at sonera.com
Thu Oct 12 06:31:28 UTC 2000


Wednesday Oct 11 20:10:48 -0400 2000 Gyepi SAM <gyepi at praxis-sw.com> wrote:
> > While looking at the code I noticed one possible "problem" there.
> > 
> > 
> > 	bzero(&res, sizeof(res));
> > 	snprintf(res, sizeof(res), "<%d>", pri);
> > 
> > I'm not sure of the exact functional specification of snprintf -- maybe it
> > states, that the last byte should always be zero -- but some
> > implementations may not provide this. Therefore I suggest changing it as:
> > 
> > 	snprintf(res, sizeof(res), "<%d>", pri);
> > 	res[sizeof res - 1] = '\0';
> > 	
> > Tomi
> 
> In this case, this code will work fine with no changes. I don't
> think there's a problem at all.
> 
>    bzero(&res, sizeof(res)); 
>    
> sets every byte in res to '\0' so we don't have to
> append '\0' as long as we only snprintf once (or always snprintf a longer
> value than we had before).  In this case, we do the former, so it's OK.

bzero sets every byte as zero *BEFORE* the space is filled with snprintf.
Now are you sure that every snprintf writes '\0' at the end when the output
would be longer than the space provided? If yes, the bzero() is unneeded
beforehand, if not, the bzero() is useless beforehand.

An example. In syslogd.c the res buffer is 20 bytes long.
If, on some 64-bit machine, we have the maximum `res' value, its length
will be ... hmm... 19 bytes (**)... OK, this was a bad example...

Anyway, if we had an output value that would be longer (or equal) than
20 bytes, first bzeroing 20 bytes,  and then filling it with 20 bytes of
stuff (without writing the last byte as '\0'), the entire bzeroed area
will be "unzeroed", and reading nul terminated string out of that space
will go past the end of the 20 byte space...

> 
> -Gyepi

Hmm, I'm too lazy to rewrite my email again, the example below may still be
good, the code is sprintf:ing "<%d>", pri, so sprintf:ing pri value
0x7FFFFFFFFFFFFFFF would like to output 21 decimal chars with trailing zero
appended (and -0x8000000000000000 22 decimal chars) on 64 bit integer systems.

Tomi



** 2 ^ 64 == 1.84467440737096e+19.  -1 * 2 ^ 63 == -9.22337203685478e+18
 -- both values when written to a string are 19 (+ 1 trailing '\0') bytes long.
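
The exchange above turns on whether snprintf terminates the buffer when its output is truncated (C99 requires it; some older implementations did not). As an added example, not code from the thread or from BusyBox, the C below models the non-terminating behaviour with a hypothetical `legacy_snprintf` and compares zeroing beforehand with terminating afterwards on the 20-byte buffer; the `"<%lld>"` format and `long long` argument are an assumed stand-in for the thread's `"<%d>", pri`.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define RES_SIZE 20  /* size of the res buffer mentioned in the thread */
/* Hypothetical model of a pre-C99 snprintf: on truncation it fills all
 * `size` bytes and writes no terminator. Not a real libc function. */
static int legacy_snprintf(char *dst, size_t size, const char *fmt, ...)
{
    char tmp[64];
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(tmp, sizeof tmp, fmt, ap);  /* C99: always terminated */
    va_end(ap);
    if (n < 0 || (size_t)n >= sizeof tmp) return -1;
    memcpy(dst, tmp, (size_t)n < size ? (size_t)n + 1 : size);
    return n;
}

/* 1 if a NUL exists inside the buffer, i.e. reading it as a string is safe. */
static int is_terminated(const char *buf, size_t size)
{
    return memchr(buf, '\0', size) != NULL;
}

/* Pattern from the thread: zero first, then format. */
int zero_then_format(long long pri)
{
    char res[RES_SIZE];
    memset(res, 0, sizeof res);
    legacy_snprintf(res, sizeof res, "<%lld>", pri);
    return is_terminated(res, sizeof res);
}

/* Suggested fix: format, then force the last byte to NUL. */
int format_then_terminate(long long pri)
{
    char res[RES_SIZE];
    legacy_snprintf(res, sizeof res, "<%lld>", pri);
    res[sizeof res - 1] = '\0';
    return is_terminated(res, sizeof res);
}

/* C99 snprintf terminates by itself; a return value >= size means truncated. */
int c99_needed_length(long long pri)
{
    char res[RES_SIZE];
    int n = snprintf(res, sizeof res, "<%lld>", pri);
    return is_terminated(res, sizeof res) ? n : -1;
}
```

With a short value all three variants leave a terminated buffer; only the truncating case separates them, and the C99 return value (here larger than `RES_SIZE - 1`) is what a caller checks to detect the truncation.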





