
Bug#534641: mendex bug



  Hi Norbert,  hi all,

> +#define TAIL_LEN(x) ((x)+strlen(x)), (BUFFERLEN-strlen(x))
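
Review bot: TAIL_LEN(x) takes the capacity from the global BUFFERLEN rather than from x itself, so it is only correct when x is a buffer of exactly BUFFERLEN bytes that already holds a terminated string; for any other argument the length handed to snprintf() is wrong and nothing flags it. The macro also expands to two comma-separated arguments and evaluates x more than once, so it cannot be used with an expression that has side effects, and the subtraction is done in size_t, which would wrap to a very large value rather than go negative if strlen(x) ever exceeded BUFFERLEN. A small function that takes the buffer and its size explicitly would make these assumptions checkable.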

  OK, I recognize 'BUFFERLEN-strlen(x)' is always plus.
Even when the buffer is full, strlen(x) becomes BUFFERLEN-1,
because buffer includes '\0'.
Sorry. Please forget my previous mail.

  I'll attach my test source.

-- Thank you,
Nobuyuki Tsuchimura


From: TSUCHIMURA Nobuyuki <tutimura@nn.iij4u.or.jp>
Subject: [ptex:00357] Re: mendex bug
Date: Sun, 8 Sep 2013 16:15:58 +0900
Message-ID: <20130908161558K.tutimura@nn.iij4u.or.jp>

>   Hi Norbert,  hi all,
> 
> -#define TAIL(x) (x+strlen(x))
> +#define TAIL(x) ((x)+strlen(x))
> 
>   It was my fault.  Thank you for correcting.
> 
> +#define TAIL_LEN(x) ((x)+strlen(x)), (BUFFERLEN-strlen(x))
> 
>   Nice idea.
> I'm not sure but I'm wondering if snprintf()
> can handle negative (minus) length or not.
> 
>        int snprintf(char *str, size_t size, const char *format, ...);
> 
> 'size_t' should be unsigned?
> 
>   Regards,
> Nobuyuki Tsuchimura
> 
> 
> From: Norbert Preining <preining@logic.at>
> Subject: [ptex:00356] Re: mendex bug
> Date: Sun, 8 Sep 2013 10:59:19 +0900
> Message-ID: <20130908015919.GA20356@gamma.logic.tuwien.ac.at>
> 
> > Hi Karl, hi all,
> > 
> > On Sa, 07 Sep 2013, Karl Berry wrote:
> > >     #define TAIL(x) (x+strlen(x))
> > 
> > Done, fixed patch attached: mendex-bugfix
> > 
> > > In general, shouldn't snprintf be used to avoid the whole potential of
> > > buffer overrun?
> > 
> > Done that for fwrite.c, but there are other cases in the source.
> > Patch for fwrite.c attached, on top of the previous: mendex-snprintf
> > 
> > If anyone can comment on that (review) that would be great, especially
> > the definition of
> > 	TAIL_LEN(x)
> > (returning two arguments, the pointer and the remaining length, for
> > the first two arguments of snprintf).
> > 
> > Thanks
> > 
> > Norbert
> > 
> > ------------------------------------------------------------------------
> > PREINING, Norbert                               http://www.preining.info
> > JAIST, Japan                                 TeX Live & Debian Developer
> > DSA: 0x09C5B094   fp: 14DF 2E6C 0307 BE6D AD76  A9C0 D2BF 4AA3 09C5 B094
> > ------------------------------------------------------------------------
> 
#include <stdio.h>
#include <string.h>
#include <stdarg.h>

#define TAIL_LEN(x) ((x)+strlen(x)), (BUFFERLEN-strlen(x))
#define BUFFERLEN 25

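/* Append formatted output to the string already in str (capacity: size bytes). */
int snprintfcat(char *str, size_t size, const char *format, ...) {
    int n;
    size_t len;
    va_list ap;

    len = strlen(str);
    if (len >= size) return -1;  /* no room left, not even for '\0' */
    printf("size-len=%zu\n", size-len);  /* size_t needs %zu, not %d */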

    va_start(ap, format);
    n = vsnprintf(str+len, size-len, format, ap);
    va_end(ap);

    return n;
}


int main() {
    char dummy1[25];
    char buff[25];
    char dummy2[25];

    printf("TAIL_LEN\n");
    snprintf(buff, sizeof(buff), "%s", "1234567890");
    puts(buff);
    snprintf(TAIL_LEN(buff), "%s", "1234567890");
    puts(buff);
    snprintf(TAIL_LEN(buff), "%s", "1234567890");
    puts(buff);
    snprintf(TAIL_LEN(buff), "%s", "1234567890");
    puts(buff);

    printf("\nsnprintfcat\n");
    snprintf(buff, sizeof(buff), "%s", "1234567890");
    puts(buff);
    snprintfcat(buff, sizeof(buff), "%s", "1234567890");
    puts(buff);
    snprintfcat(buff, sizeof(buff), "%s", "1234567890");
    puts(buff);
    snprintfcat(buff, sizeof(buff), "%s", "1234567890");
    puts(buff);

    return 0;
}
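
An added example, not part of the original mail or of the mendex sources: a bounded append helper in the spirit of the snprintfcat() test above, which reports truncation and refuses a buffer that has no terminator within its capacity (the case where BUFFERLEN-strlen(x) would wrap as size_t). The names buf_appendf, demo_buf, demo and demo_unterminated are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: append formatted text to the string in buf, whose
 * total capacity is cap bytes. Returns 0 on success, 1 if the output was
 * truncated, -1 if buf has no '\0' within cap bytes or formatting failed. */
static int buf_appendf(char *buf, size_t cap, const char *fmt, ...)
{
    va_list ap;
    size_t used = 0, room;
    int n;

    /* Bounded scan: unlike strlen(), this never reads past cap. */
    while (used < cap && buf[used] != '\0')
        used++;
    if (used >= cap)
        return -1;              /* no terminator found inside the buffer */

    room = cap - used;          /* at least 1, so this cannot wrap */
    va_start(ap, fmt);
    n = vsnprintf(buf + used, room, fmt, ap);
    va_end(ap);
    if (n < 0)
        return -1;
    return (size_t)n >= room ? 1 : 0;   /* n counts what was wanted */
}

static char demo_buf[25];       /* constructed: same size as the test above */

/* Constructed demo: append "1234567890" the given number of times to an
 * empty demo_buf and return the status of the last append. */
static int demo(int appends)
{
    int rc = 0, i;
    demo_buf[0] = '\0';
    for (i = 0; i < appends; i++)
        rc = buf_appendf(demo_buf, sizeof demo_buf, "%s", "1234567890");
    return rc;
}

/* Constructed demo: a full buffer without '\0' must be rejected. */
static int demo_unterminated(void)
{
    char full[25];
    memset(full, 'A', sizeof full);
    return buf_appendf(full, sizeof full, "%s", "x");
}
```

Checking the return value is what distinguishes a silent cut at 24 characters from a complete write; snprintf() alone prevents the overrun but not the data loss.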
