This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.
Re: Fix for off-by-one error in cpplib
Andreas, Zack, ...
Andreas Jaeger wrote:
>
>
> Index: gcc/cpplib.c
> ===================================================================
> RCS file: /cvs/gcc/egcs/gcc/cpplib.c,v
> retrieving revision 1.131
> diff -u -p -r1.131 cpplib.c
> --- cpplib.c 2000/03/12 23:46:05 1.131
> +++ cpplib.c 2000/03/13 16:47:01
> @@ -1706,7 +1706,7 @@ do_pragma_implementation (pfile)
> }
>
> name = pfile->token_buffer + written + 1;
> - len = strlen (name);
> + len = strlen (name) + 1;
> copy = (U_CHAR *) alloca (len);
> memcpy (copy, name, len - 1);
> copy[len] = '\0'; /* trim trailing quote */
>
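Review bot: With `len = strlen (name) + 1` the unchanged `alloca (len)` still returns a buffer whose highest valid index is `len - 1`, so `copy[len] = '\0'` writes one byte past the allocation; the bug has moved, not gone. `memcpy (copy, name, len - 1)` now also copies `strlen (name)` bytes, i.e. the closing quote the comment says it trims. Keeping `len = strlen (name)` and `alloca (len)`, copying `len - 1` bytes and writing `copy[len - 1] = '\0'` both stays in bounds and actually drops the quote.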
> --
> Andreas Jaeger
> SuSE Labs aj@suse.de
> private aj@arthur.rhein-neckar.de
Whoops, we are now putting the '\0' in the wrong place
(i.e. past the end of the allocated buffer).
I think the following does the correct thing!
> name = pfile->token_buffer + written + 1;
> len = strlen (name);
> - copy = (U_CHAR *) alloca (len);
> + copy = (U_CHAR *) alloca (len + 1)
> - memcpy (copy, name, len - 1);
> + memcpy (copy, name, len);
> copy[len] = '\0'; /* trim trailing quote */
>
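Review bot: `+ copy = (U_CHAR *) alloca (len + 1)` is missing its terminating semicolon. The indices now fit (`len + 1` bytes allocated, terminator written at `len`), but `memcpy (copy, name, len)` copies all of `name` including the closing quote, so the `/* trim trailing quote */` comment no longer describes what the code does; either copy `len - 1` bytes and write `copy[len - 1] = '\0'` into an `alloca (len)` buffer, or update the comment if keeping the quote is intended.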
Graham
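To make the index arithmetic behind this thread concrete, here is an added example; it is not code from cpplib or from either poster. `copy_plan_is_safe` is a hypothetical checker that takes the three numbers every variant in the thread chooses (bytes allocated, bytes passed to memcpy, index of the '\0') and says whether the plan stays inside the buffer. `copy_without_trailing_quote` is a hypothetical stand-in for the cpplib fragment that uses malloc instead of alloca so the result can be freed; the input string is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Check one copy-and-terminate plan against the buffer it writes into.
   alloc    - bytes obtained from alloca/malloc (valid indices 0 .. alloc-1)
   ncopy    - bytes handed to memcpy, starting at index 0
   term_idx - index that receives the '\0'
   The plan is safe only if the memcpy stays inside the buffer, the
   terminator index is inside the buffer, and the terminator is not written
   on top of the copied payload. */
int copy_plan_is_safe(size_t alloc, size_t ncopy, size_t term_idx)
{
    return ncopy <= alloc && term_idx < alloc && term_idx >= ncopy;
}

/* Copy NAME minus its trailing quote into a new NUL-terminated buffer.
   malloc stands in for cpplib's alloca so the caller can free the result.
   Returns NULL for an empty string (nothing to trim) or on allocation
   failure. Hypothetical helper, not cpplib's code. */
char *copy_without_trailing_quote(const char *name)
{
    size_t len = strlen(name);      /* includes the closing quote, not the NUL */
    if (len == 0)
        return NULL;
    char *copy = malloc(len);       /* len - 1 payload bytes plus one NUL */
    if (copy == NULL)
        return NULL;
    memcpy(copy, name, len - 1);    /* everything except the closing quote */
    copy[len - 1] = '\0';           /* last valid index of a len-byte buffer */
    return copy;
}

int main(void)
{
    /* Constructed input: what follows the opening quote of the pragma. */
    const char *name = "foo.h\"";
    size_t n = strlen(name);        /* 6 */

    /* The four plans discussed in the thread, as (alloc, ncopy, term_idx). */
    printf("original (n, n-1, n)     : %s\n",
           copy_plan_is_safe(n, n - 1, n) ? "in bounds" : "OUT OF BOUNDS");
    printf("first fix (n+1, n, n+1)  : %s\n",
           copy_plan_is_safe(n + 1, n, n + 1) ? "in bounds" : "OUT OF BOUNDS");
    printf("reply (n+1, n, n)        : %s (quote kept)\n",
           copy_plan_is_safe(n + 1, n, n) ? "in bounds" : "OUT OF BOUNDS");
    printf("trimmed (n, n-1, n-1)    : %s\n",
           copy_plan_is_safe(n, n - 1, n - 1) ? "in bounds" : "OUT OF BOUNDS");

    char *copy = copy_without_trailing_quote(name);
    if (copy != NULL) {
        printf("copy = \"%s\"\n", copy);
        free(copy);
    }
    return 0;
}
```

The checker reports the original code and the first patch as out of bounds (the terminator lands at index `alloc`), and both the reply's plan and the trimmed plan as in bounds; only the trimmed plan also matches the "trim trailing quote" comment, since the reply's `memcpy` of `len` bytes keeps the quote.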