weidongtom
Hi,
I was reading some code and I came across this function:
static char *
base_name(char *s)
{
    char *bp;
    char *ep;

    bp = s;
    ep = 0; /* Can this cause a problem? */
    while (*s)
    {
        if (s[0] == '/' && s[1] && s[1] != '/')
            bp = s + 1;
        if (s > bp && s[0] == '/' && s[-1] != '/')
            ep = s;
        ++s;
    }
    if (!ep)
        ep = s;
    *s = 0;
    return bp;
}
ep = 0; Memory is not allocated to ep, so this could write to any
memory address, right? And I tried it out with:
#include <stdio.h>

int main(void){
    char *b;
    *b = 0;
    return 0;
}
and I get a segmentation fault. So I guess that's a bug, right? (This
is from the source code of hexdump-1.5).
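
An added example, not part of the original post and not hexdump's own code: it separates the two operations compared above, storing a null value in a pointer variable (`ep = 0`) versus writing through a pointer (`*b = 0`), and returns the last path component without writing into the input string. The names `scan_base` and `base_name_copy` are hypothetical, and copying up to `ep` into a caller buffer is an assumption about what `ep` was meant for.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: the posted scan, read-only. bp = start of the last
 * component, ep = one past its end. Unlike the post, ep is cleared when bp
 * advances so a stale ep can never sit before bp (e.g. "a//b"). */
static void scan_base(const char *s, const char **bp, const char **ep)
{
    *bp = s;
    *ep = NULL;   /* like "ep = 0": stores a null value in the pointer itself */
    for (; *s; ++s) {
        if (s[0] == '/' && s[1] && s[1] != '/') {
            *bp = s + 1;
            *ep = NULL;
        }
        if (s > *bp && s[0] == '/' && s[-1] != '/')
            *ep = s;
    }
    if (!*ep)     /* the null value is only tested, never dereferenced */
        *ep = s;  /* no trailing slash: the component ends at the NUL */
}

/* Hypothetical helper: copy the component into a caller-owned buffer rather
 * than writing into the input, which may be a read-only string literal.
 * Returns 0 on success, -1 on bad arguments or a buffer that is too small. */
static int base_name_copy(const char *path, char *out, size_t outsz)
{
    const char *bp, *ep;
    size_t n;

    if (!path || !out || outsz == 0)
        return -1;
    scan_base(path, &bp, &ep);
    n = (size_t)(ep - bp);
    if (n >= outsz)
        return -1;
    memcpy(out, bp, n);
    out[n] = '\0';
    return 0;
}

int main(void)
{
    char out[32];
    if (base_name_copy("/usr/bin/", out, sizeof out) == 0) /* constructed path */
        puts(out);
    return 0;
}
```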