Bug#392669: /usr/sbin/sshd: off-by-one error in function 'xmmap'
> Hi Justin,
>
> On Fri, Oct 13, 2006 at 07:45:44PM -0400, Justin Pryzby wrote:
>> > The problem, reduced to a simpler form, is shown in the following
>> > example:
>> >
>> > voss@burmah [~] cat t.c
>> > #include <stdio.h>
>> > int
>> > main()
>> > {
>> > char string[4]="1234";
>> > puts(string);
>> > return 0;
>> > }
>> > voss@burmah [~] gcc t.c
>> > voss@burmah [~] ./a.out
>> > 1234@o?=o?
>> > Clearly 'string' was not terminated there. Why do you think that the
>> > original issue is different?
>> Whether you use
>>
>> #define FOO "1234"
>>
>> or
>>
>> char foo[]="1234";
>>
>> strlen(foo) = 4 (does not include the null byte); and,
>> sizeof(foo) = 5 (includes the null byte).
>>
>> Your example doesn't use sizeof; try sizeof("1234"), which, it is my
>> recollection, will evaluate to 5.
>
> Sorry, of course you are right.
> My sincere apologies for the confusion.
Don't worry; I learned something new here (or at least will try to
remember it, this time). Could you look into the gcc off-by-one I
mentioned? This would be worth at least 20 bogus bug submissions :)
Cheers
Justin
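The point of the exchange above, worked through in code. This is an added example written for this page, not code from the bug report or from the sshd source: it shows the sizeof/strlen difference on a literal and an initializer-sized array, a check for whether a buffer actually contains a terminator before it is handed to puts() or strlen(), and a bounded copy that always leaves room for the NUL. All names are the example's own.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* sizeof counts the terminating NUL of a string literal; strlen does not. */
size_t literal_sizeof(void) { return sizeof("1234"); }   /* 5 */
size_t literal_strlen(void) { return strlen("1234"); }   /* 4 */

/* An array sized by its initializer keeps the terminator, so sizeof is 5. */
size_t sized_by_initializer(void)
{
    char foo[] = "1234";
    return sizeof(foo);
}

/* Returns 1 if buf holds a NUL somewhere in its first len bytes, i.e. string
   functions such as puts() or strlen() can read it without running past the
   end of the array. */
int is_nul_terminated(const char *buf, size_t len)
{
    return memchr(buf, '\0', len) != NULL;
}

/* The pattern from the thread: a 4-byte array initialised from a 4-character
   literal. Legal C, but the terminator is silently dropped, so the check
   above reports 0 and puts(string) would read beyond the array. */
int four_byte_array_is_terminated(void)
{
    char string[4] = "1234";
    return is_nul_terminated(string, sizeof string);
}

/* Copies src into dst (dstsize bytes), always writing a terminator.
   Returns the number of source characters that did not fit (0 = no
   truncation), so the caller can detect and log the shortfall. */
size_t copy_terminated(char *dst, size_t dstsize, const char *src)
{
    size_t srclen = strlen(src);
    if (dstsize == 0)
        return srclen;
    size_t n = srclen < dstsize - 1 ? srclen : dstsize - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return srclen - n;
}

/* Copies "1234" into a 4-byte buffer with copy_terminated(). Returns the
   number of dropped characters (expected 1, leaving "123"), or -1 if the
   buffer does not hold exactly "123". */
int truncated_copy_demo(void)
{
    char small[4];
    size_t dropped = copy_terminated(small, sizeof small, "1234");
    return strcmp(small, "123") == 0 ? (int)dropped : -1;
}

int main(void)
{
    printf("sizeof(\"1234\") = %zu, strlen(\"1234\") = %zu\n",
           literal_sizeof(), literal_strlen());
    printf("sizeof(char foo[] = \"1234\") = %zu\n", sized_by_initializer());
    printf("char string[4] = \"1234\" is terminated: %d\n",
           four_byte_array_is_terminated());
    printf("copy_terminated into char[4] dropped %d character(s)\n",
           truncated_copy_demo());
    return 0;
}
```

The is_nul_terminated() check is the one to reach for when reviewing code that passes a fixed-size array to a string function: if sizeof the array equals strlen of its initializer, no terminator was stored and the read past the end is the bug, regardless of whether the declaration used a macro or an array literal.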