[Patch] fix unsigned long fast_strtoul_10(char **endptr) for Linux 2.4
walter harms
wharms at bfs.de
Tue Feb 28 16:46:09 UTC 2012
Am 28.02.2012 17:08, schrieb Denys Vlasenko:
> On Tue, Feb 28, 2012 at 5:04 PM, walter harms <wharms at bfs.de> wrote:
>> Hello Ralf,
>> the current version has a major problem when you consider this: "0\0"
>> the patch ( change != into > ) will only catch the current bug
>> (reading the last 0 wrong what actually happens on 2.4) but when the main
>> code reads again (perhaps to get additional information) it will read
>> beyond \0.
>> char *cp="0\n";
>> fast_strtoul_10(&cp); <-- will work fine
>> fast_strtoul_10(&cp); <-- will break
>
> The whole point of fast_strtoul_10 is that it _knows_ that /proc data
> it is fed with is well-formatted. That's why it doesn't do a lot of error
> checking, for example: it simply assumes all chars > ' ' will be
> decimal digits.
>
> The thing you are pointing out is just another case of lack of error check:
> fast_strtoul_10() is not supposed to be called when you are unsure that
> field you are trying to parse actually exists.
>
i noticed that also, the difference for me is that ignoring \0 may cause an
segfault, while taking \n for a number will result in bad data.
re,
wh
More information about the busybox
mailing list