Date: Wed, 25 Nov 2009 04:27:55 +0000 (UTC) From: Garrett Wollman <wollman@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r199782 - head/lib/libc/stdio Message-ID: <200911250427.nAP4RtMK039067@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: wollman Date: Wed Nov 25 04:27:55 2009 New Revision: 199782 URL: http://svn.freebsd.org/changeset/base/199782 Log: In __mbsconv(), if prec was zero, nconv could have been used uninitialized. Initialize it to a safe value so that there's no chance of returning an error if stack garbage happens to be equal to (size_t)-1 or (size_t)-2. Found by: Clang static analyzer MFC after: 7 days Modified: head/lib/libc/stdio/vfwprintf.c Modified: head/lib/libc/stdio/vfwprintf.c ============================================================================== --- head/lib/libc/stdio/vfwprintf.c Wed Nov 25 04:21:42 2009 (r199781) +++ head/lib/libc/stdio/vfwprintf.c Wed Nov 25 04:27:55 2009 (r199782) @@ -293,7 +293,7 @@ __mbsconv(char *mbsarg, int prec) * number of characters to print. */ p = mbsarg; - insize = nchars = 0; + insize = nchars = nconv = 0; mbs = initial_mbs; while (nchars != (size_t)prec) { nconv = mbrlen(p, MB_CUR_MAX, &mbs);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200911250427.nAP4RtMK039067>