Request for approval: Bug 100057 - Potential stack corruption in GetJavaProperties

Andrew Haley aph at redhat.com
Fri May 22 15:44:45 UTC 2009


David Holmes - Sun Microsystems wrote:

> If you use malloc then you have to check for a NULL return and deal with
> the error possibility.
> 
> Alternatively use strncpy to make sure it's safe and continue to assume
> that it will be big enough.

I'm working on fixing this properly, but I just came across a gem of
very confusing code:

            if ((encoding = strchr(p, '.')) != NULL) {
                p[encoding++ - p] = '\0';
                p = encoding;
            }

The middle line

                p[encoding++ - p] = '\0';

is unlike anything I have ever seen before.  As far as I can tell it
is equivalent to

                *encoding++ = '\0';

but expressed in a, er, unique way.  I suppose the idea is that it shows
that the store is within p.

I just had to share this...

Andrew.
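The two spellings of the store discussed above, side by side in an added example that is not the OpenJDK code from the bug nor anything posted in this thread. It splits a constructed locale-style string "lang_COUNTRY.ENCODING" at the first '.', once with the `p[encoding++ - p]` form and once with the plain `*encoding++` form, and checks that both leave the same prefix and the same suffix pointer; the function names and the bounded-copy helper (written with strncpy plus an explicit terminator, in the spirit of the strncpy suggestion quoted at the top) are hypothetical names chosen here:

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Split "xx_YY.ENC" at the first '.', written exactly as in the e-mail.
 * Returns a pointer to the encoding part, or NULL if there is no '.'. */
char *split_original_form(char *p) {
    char *encoding;
    if ((encoding = strchr(p, '.')) != NULL) {
        p[encoding++ - p] = '\0';   /* index back into p, then advance encoding */
        p = encoding;
        return p;
    }
    return NULL;
}

/* The same behaviour in the conventional spelling. */
char *split_plain_form(char *p) {
    char *encoding = strchr(p, '.');
    if (encoding != NULL) {
        *encoding++ = '\0';         /* terminate the prefix, step past the '.' */
        return encoding;
    }
    return NULL;
}

/* Returns 1 when both forms produce the same prefix and the same suffix
 * on private copies of `locale` (a constructed input, see the tests). */
int forms_agree(const char *locale) {
    char a[64], b[64];
    if (strlen(locale) >= sizeof a) return 0;   /* keep the copies bounded */
    strcpy(a, locale);
    strcpy(b, locale);
    char *ea = split_original_form(a);
    char *eb = split_plain_form(b);
    if (strcmp(a, b) != 0) return 0;
    if ((ea == NULL) != (eb == NULL)) return 0;
    if (ea != NULL && (ea - a != eb - b || strcmp(ea, eb) != 0)) return 0;
    return 1;
}

/* Bounded copy: strncpy does not NUL-terminate when src is too long, so
 * terminate explicitly and report truncation instead of silently
 * continuing. Returns 0 on success, -1 if src did not fit. */
int copy_locale_bounded(char *dst, size_t dstlen, const char *src) {
    if (dstlen == 0) return -1;
    strncpy(dst, src, dstlen);
    if (dst[dstlen - 1] != '\0') {  /* last byte overwritten: src was too long */
        dst[dstlen - 1] = '\0';
        return -1;
    }
    return 0;
}

/* Exercises copy_locale_bounded into an 8-byte buffer; returns the copy's
 * return code, or -2 if the buffer was somehow left unterminated. */
int bounded_copy_into_8(const char *src) {
    char buf[8];
    int rc = copy_locale_bounded(buf, sizeof buf, src);
    if (memchr(buf, '\0', sizeof buf) == NULL) return -2;
    return rc;
}

int main(void) {
    /* Constructed sample inputs. */
    const char *samples[] = { "en_US.ISO8859-1", "C", "ja_JP.UTF-8@euro" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-18s forms agree: %d\n", samples[i], forms_agree(samples[i]));
    printf("copy \"en_US\" into 8 bytes: %d\n", bounded_copy_into_8("en_US"));
    printf("copy \"en_US.ISO8859-1\" into 8 bytes: %d\n",
           bounded_copy_into_8("en_US.ISO8859-1"));
    return 0;
}
```

The equivalence holds because `encoding++` yields the old pointer, so `encoding - p` is the offset of the '.' within `p` and `p[offset]` is the very byte `*encoding` named; the subtraction only restates that the store lands inside `p`. The bounded-copy helper shows why a bare strncpy is not enough on its own: without the explicit terminator and the truncation check, an over-long input leaves a buffer with no NUL in it.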


