From nobody@FreeBSD.org  Wed Nov 24 17:31:06 2010
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 5FB5C1065670
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 24 Nov 2010 17:31:06 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (unknown [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id 4E5208FC1E
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 24 Nov 2010 17:31:06 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.4/8.14.4) with ESMTP id oAOHV5Lo043569
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 24 Nov 2010 17:31:05 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.4/8.14.4/Submit) id oAOHV5pu043568;
	Wed, 24 Nov 2010 17:31:05 GMT
	(envelope-from nobody)
Message-Id: <201011241731.oAOHV5pu043568@red.freebsd.org>
Date: Wed, 24 Nov 2010 17:31:05 GMT
From: Henning Petersen <henning.petersen@t-online.de>
To: freebsd-gnats-submit@FreeBSD.org
Subject: The function catstrg() in usr.bin/xlint/lint1/tree.c is broken.
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         152549
>Category:       bin
>Synopsis:       [patch] lint(1): the function catstrg() in usr.bin/xlint/lint1/tree.c is broken.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Nov 24 17:40:06 UTC 2010
>Closed-Date:    Mon Aug 08 05:34:02 UTC 2011
>Last-Modified:  Mon Aug 08 05:34:02 UTC 2011
>Originator:     Henning Petersen
>Release:        FreeBSD-current
>Organization:
>Environment:
>Description:
The function catstrg() in usr.bin/xlint/lint1/tree.c is broken.

>How-To-Repeat:
	Take the following example program:

---- BEGIN -----
#include <stdio.h>
#include <stdarg.h>
#include <syslog.h>

/* PRINTFLIKE1 */
int
myprintf(char *fmt0, ...)
{
	va_list va;

	va_start(va, fmt0);
	vsyslog(LOG_DEBUG, fmt0, va);
	va_end(va);
	return 0;
}

int main(int argc, char *argv[])
{
	long h;

	h = (long) argc;
	myprintf("Usage: "
		"%ld [options]\n" , h);
	return argv[0] != NULL;
}
---- END -----

        and run
        lint -n example.c
	which will print (besides other stuff):
	myprintf: malformed format string


>Fix:
diff -u -r1.14 tree.c
--- src/usr.bin/xlint/lint1/tree.c	1 Jan 2003 18:13:44 -0000	1.14
+++ src/usr.bin/xlint/lint1/tree.c	24 Nov 2010 16:23:32 -0000
@@ -3786,6 +3786,7 @@
 			     (len2 + 1) * sizeof (wchar_t));
 		free(strg2->st_wcp);
 	}
+	strg1->st_len = len;
 	free(strg2);
 
 	return (strg1);


Patch attached with submission follows:

Index: src/usr.bin/xlint/lint1/tree.c
===================================================================
RCS file: /home/ncvs/src/usr.bin/xlint/lint1/tree.c,v
retrieving revision 1.14
diff -u -r1.14 tree.c
--- src/usr.bin/xlint/lint1/tree.c	1 Jan 2003 18:13:44 -0000	1.14
+++ src/usr.bin/xlint/lint1/tree.c	24 Nov 2010 16:23:32 -0000
@@ -3786,6 +3786,7 @@
 			     (len2 + 1) * sizeof (wchar_t));
 		free(strg2->st_wcp);
 	}
+	strg1->st_len = len;
 	free(strg2);
 
 	return (strg1);


>Release-Note:
>Audit-Trail:

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/152549: commit references a PR
Date: Mon,  8 Aug 2011 05:22:19 +0000 (UTC)

 Author: kevlo
 Date: Mon Aug  8 05:22:09 2011
 New Revision: 224702
 URL: http://svn.freebsd.org/changeset/base/224702
 
 Log:
   catstrg() does not set the resulting string length.
   
   PR:	bin/152549
   Submitted by:	Henning Petersen <henning dot petersen at t-online dot de>
   Approved by:	re (hrs)
 
 Modified:
   head/usr.bin/xlint/lint1/tree.c
 
 Modified: head/usr.bin/xlint/lint1/tree.c
 ==============================================================================
 --- head/usr.bin/xlint/lint1/tree.c	Mon Aug  8 03:09:03 2011	(r224701)
 +++ head/usr.bin/xlint/lint1/tree.c	Mon Aug  8 05:22:09 2011	(r224702)
 @@ -3786,6 +3786,7 @@ catstrg(strg_t *strg1, strg_t *strg2)
  			     (len2 + 1) * sizeof (wchar_t));
  		free(strg2->st_wcp);
  	}
 +	strg1->st_len = len;
  	free(strg2);
  
  	return (strg1);
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: open->closed 
State-Changed-By: kevlo 
State-Changed-When: Mon Aug 8 05:33:46 UTC 2011 
State-Changed-Why:  
Committed, thanks. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=152549 
>Unformatted:
