From owner-freebsd-bugs  Wed Jul 25  6:50:34 2001
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 7E0B937B41D
	for <freebsd-bugs@hub.freebsd.org>; Wed, 25 Jul 2001 06:50:01 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.11.4/8.11.4) id f6PDo1K61519;
	Wed, 25 Jul 2001 06:50:01 -0700 (PDT)
	(envelope-from gnats)
Received: from skade.lule2.infologigruppen.se (unknown [213.242.135.174])
	by hub.freebsd.org (Postfix) with ESMTP id 0B47837B40F
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 25 Jul 2001 06:45:24 -0700 (PDT)
	(envelope-from admglz@skade.lule2.infologigruppen.se)
Received: (from root@localhost)
	by skade.lule2.infologigruppen.se (8.11.4/8.11.4) id f6MJfCD17465;
	Sun, 22 Jul 2001 21:41:12 +0200 (CEST)
	(envelope-from admglz)
Message-Id: <200107221941.f6MJfCD17465@skade.lule2.infologigruppen.se>
Date: Sun, 22 Jul 2001 21:41:12 +0200 (CEST)
From: goran.lowkrantz@ismobile.com
Reply-To: goran.lowkrantz@ismobile.com
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.113
Subject: bin/29218: Missing pointer increment in wcsspn result in eternal loop
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-bugs.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-bugs>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-bugs>
X-Loop: FreeBSD.org


>Number:         29218
>Category:       bin
>Synopsis:       Missing pointer increment in wcsspn result in eternal loop
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jul 25 06:50:00 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     Goran Lowkrantz
>Release:        FreeBSD 4.3-STABLE i386
>Organization:
isMobile AB
>Environment:
System: FreeBSD skade.lule2.infologigruppen.se 4.3-STABLE FreeBSD 4.3-STABLE #3: Fri Jul 20 22:45:53 CEST 2001 root@midgard.lule2.infologigruppen.se:/usr/src/sys/compile/SKADE i386

>Description:
In the libc function wcsspn, the search set pointer is not incremented. As a result, any call to this function results in an eternal loop.

>How-To-Repeat:
#include <cwchar>
#include <iostream>

int main(int argc, char* argv[])
{

        wchar_t * x = L"abcdefghijkabcdefghijk";

        size_t y = wcsspn(x, L"abcdf");
        cerr << y << endl;

        y = wcsspn(x, L"mno");
        cerr << y << endl;

        return 0;
}

>Fix:
--- wcsspn.c.orig       Sun Jul 22 21:33:35 2001
+++ wcsspn.c    Sun Jul 22 21:28:45 2001
@@ -50,6 +50,7 @@
                while (*q) {
                        if (*p == *q)
                                break;
+                       ++q;
                }
                if (!*q)
                        goto done;

>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message