authorNick Mathewson <nickm@torproject.org>2014-04-19 13:16:56 -0400
committerNick Mathewson <nickm@torproject.org>2014-04-19 13:16:56 -0400
commit3b1f7f75a7efa51ae5549a6413e90066cfe307a8 (patch)
tree2c9cc7e068af1cda0a314a9c554c2614cbe6eac8
parent685d450ab3823c578514ce6986d00c6e219abb43 (diff)
downloadtor-3b1f7f75a7efa51ae5549a6413e90066cfe307a8.tar.gz
tor-3b1f7f75a7efa51ae5549a6413e90066cfe307a8.zip
scan-build: memarea_strndup() undefined behavior
The memarea_strndup() function would have hit undefined behavior by creating an 'end' pointer off the end of a string if it had ever been given an 'n' argument bigger than the length of the memory area that it's scanning. Fortunately, we never did that except in the unit tests. But it's not a safe behavior to leave lying around.
-rw-r--r--src/common/memarea.c7
1 files changed, 2 insertions, 5 deletions
diff --git a/src/common/memarea.c b/src/common/memarea.c
index e2d07fca9e..bcaea0949e 100644
--- a/src/common/memarea.c
+++ b/src/common/memarea.c
@@ -291,14 +291,11 @@ memarea_strdup(memarea_t *area, const char *s)
char *
memarea_strndup(memarea_t *area, const char *s, size_t n)
{
- size_t ln;
+ size_t ln = 0;
char *result;
- const char *cp, *end = s+n;
tor_assert(n < SIZE_T_CEILING);
- for (cp = s; cp < end && *cp; ++cp)
+ for (ln = 0; ln < n && s[ln]; ++ln)
;
- /* cp now points to s+n, or to the 0 in the string. */
- ln = cp-s;
result = memarea_alloc(area, ln+1);
memcpy(result, s, ln);
result[ln]='\0';
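Review bot: `ln` is now initialized twice, once in `size_t ln = 0;` and again in `for (ln = 0; ...)`, so one of the two can go. The patch also deletes the only comment that explained the scan, and the bound it enforces is the whole point of the fix; I would add after the loop something like `/* ln is the index of the first NUL in s, or n if none in the first n bytes; s[ln] is only read while ln < n. */`. The `tor_assert(n < SIZE_T_CEILING)` above also appears to be what keeps `ln+1` in the `memarea_alloc()` call from wrapping, which is worth stating in the same comment. The function body continues past the end of the hunk.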