s4e8 Guru
Joined: 29 Jul 2006 Posts: 311
|
Posted: Fri Aug 20, 2010 1:57 am Post subject: bork strcpy() in glibc-2.12.1 + core i7 + x86_64 |
|
|
The following code outputs "12345688" instead of "12345678".
Code: |
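#include <stdio.h>
#include <string.h>

int main(void){
    char buf[80];
    strcpy(buf, "012345678\n");
    strcpy(buf, buf+1);   /* source and destination overlap: the call under discussion */
    puts(buf);
    return 0;
}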
|
Add --disable-multi-arch to the ebuild, disable all SSE optimizations, and the problem is gone.
This bug causes bash to generate a wrong \W prompt string. |
|
|
|
EatMeerkats Apprentice
Joined: 15 Mar 2006 Posts: 234
|
Posted: Fri Aug 20, 2010 2:33 am Post subject: |
|
|
From the strcpy man page:
Code: | The source and destination strings should not overlap, as the behavior is undefined. |
Bash does this kind of strcpy?
EDIT: Oops, that was from OS X's man page (wrong window). I would think the same applies to Linux, though, unless something is specifically done to handle this case (like memmove does). |
|
|
|
Etal Veteran
Joined: 15 Jul 2005 Posts: 1931
|
Posted: Fri Aug 20, 2010 2:59 am Post subject: |
|
|
Copying overlapped strings is a definite no-no. Both the POSIX standard and the glibc manual state that the behavior is undefined:
man 3p strcpy: | DESCRIPTION
The strcpy() function shall copy the string pointed to by s2 (including the terminating null byte)
into the array pointed to by s1. If copying takes place between objects that overlap, the behavior
is undefined. |
info libc 'Copying and Concatenation': | -- Function: char * strcpy (char *restrict TO, const char *restrict
FROM)
This copies characters from the string FROM (up to and including
the terminating null character) into the string TO. Like
`memcpy', this function has undefined results if the strings
overlap. The return value is the value of TO. |
If you found this flaw in bash, you should definitely report it. |
|
|
|
s4e8 Guru
Joined: 29 Jul 2006 Posts: 311
|
Posted: Fri Aug 20, 2010 3:28 am Post subject: |
|
|
Both bash and syslogd use this kind of code...
This is from bash:
Code: |
t = strrchr (t_string, '/');
if (t)
strcpy (t_string, t + 1);
|
syslogd uses the following method to deal with a continuation line:
LINE1;\
strip backslash
LINE1;
read next line
LINE1;<IDENT>LINE2
strcpy to strip ident spaces...
LINE1;LINE2 |
|
|
|
xibo Apprentice
Joined: 21 Aug 2007 Posts: 152 Location: moving between kubuntu and ubuntu kde edition
|
Posted: Fri Aug 20, 2010 5:36 am Post subject: |
|
|
s4e8 wrote: | this is from bash
Code: |
t = strrchr (t_string, '/');
if (t)
strcpy (t_string, t + 1);
|
|
Tell them to use bcopy then, or put "-Dstrcpy(a,b)=bcopy(b,a,strlen(b)+1)" in your CFLAGS when compiling it.
string.h wrote: | extern char *strcpy (char *__restrict __dest, __const char *__restrict __src)
__THROW __nonnull ((1, 2));
|
Guess what __restrict means (or look at the references to the man page posted above)...
EDIT: Just found the referred bash code section in $SRC_DIR/y.tab.c:7484. On top of that, a wonderful use of goto to get to the end of the switch statement in every case, too.
|
|
|
|
|
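Added example, not part of any post in this thread and not bash's or glibc's own code: the same in-place "drop the prefix" operation written with memmove(), which is specified to handle overlapping buffers, plus a check for the overlap that makes strcpy() undefined. The helper names ranges_overlap, shift_left and strip_to_basename are hypothetical, and the sample strings are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: nonzero if [dst, dst+n) and [src, src+n) overlap,
 * i.e. the case where strcpy()/memcpy() behaviour is undefined.
 * Assumes a flat address space, so pointers compare as integers. */
static int ranges_overlap(const void *dst, const void *src, size_t n)
{
    uintptr_t d = (uintptr_t)dst, s = (uintptr_t)src;
    return d < s ? s - d < n : d - s < n;
}

/* Hypothetical helper: in-place replacement for strcpy(s, from) when
 * 'from' points into 's'. The +1 copies the terminating NUL as well. */
static char *shift_left(char *s, const char *from)
{
    return memmove(s, from, strlen(from) + 1);
}

/* Same pattern as the bash excerpt (keep what follows the last '/'),
 * but the overlapping copy goes through memmove(). */
static char *strip_to_basename(char *path)
{
    char *t = strrchr(path, '/');
    if (t)
        shift_left(path, t + 1);
    return path;
}

int main(void)
{
    char buf[80] = "012345678\n";     /* constructed: string from the first post */
    char dir[80] = "/usr/src/linux";  /* constructed sample path */

    printf("overlap: %d\n", ranges_overlap(buf, buf + 1, strlen(buf + 1) + 1));
    fputs(shift_left(buf, buf + 1), stdout);
    puts(strip_to_basename(dir));
    return 0;
}
```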