| author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2022-03-21 11:03:00 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2022-03-21 13:48:00 +0100 |
| commit | 9b01798b98d1d8e7cecb2eaf49aa6cc39d57ae0d (patch) | |
| tree | ac69fb0674353b783c65d1a797c10be707416718 /src/basic/strv.h | |
| parent | e7949be7900af8e045cb530a22d023037eac273c (diff) | |
| download | systemd-9b01798b98d1d8e7cecb2eaf49aa6cc39d57ae0d.tar.gz | |
basic/strv: avoid potential UB with references to array[-1]
"""
Given an array a[N] of N elements of type T:
- Forming a pointer &a[i] (or a + i) with 0 ≤ i ≤ N is safe.
- Forming a pointer &a[i] with i < 0 or i > N causes undefined behavior.
- Dereferencing a pointer &a[i] with 0 ≤ i < N is safe.
- Dereferencing a pointer &a[i] with i < 0 or i ≥ N causes undefined behavior.
"""
As pointed out by @medhefgo, here we were forming a pointer to a[-1]. a itself
wasn't NULL, so a > 0, and a-1 was also >= 0, and this didn't seem to cause any
problems. But it's better to be formally correct, especially if we move the
code to src/fundamental/ later on and compile it differently.
Compilation shows no size change (with -O0 -g) on build/systemd, so this should
have no effect whatsoever.
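To make the pointer rule quoted in the commit message concrete, the following is an added example (not systemd's own strv.h code) of a backwards walk over a NULL-terminated string array that never forms a pointer below the first element. It uses the same pattern as the fix: the cursor is compared against the base and set to NULL instead of being decremented once it sits on element 0. The helper `strv_last` stands in for the statement expression used in strv.h, and the names `strv_len`, `strv_last`, `STRV_FOREACH_BACKWARDS_SAFE`, `strv_visit_count`, `strv_reverse_join` and the sample word lists are all constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* A "strv" is a NULL-terminated array of C strings, as in systemd.
 * Everything below is example code written for this page, not systemd's. */

/* Number of elements before the terminating NULL; a NULL strv counts as empty. */
static size_t strv_len(char * const *l) {
        size_t n = 0;
        if (l)
                while (l[n])
                        n++;
        return n;
}

/* Pointer to the last element, or NULL when there is none. The subtraction
 * only happens when n > 0, so the result always lies inside l[0 .. n-1]
 * and l - 1 is never formed. */
static char * const *strv_last(char * const *l) {
        size_t n = strv_len(l);
        return n > 0 ? l + n - 1 : NULL;
}

/* Backwards walk mirroring the fix in the commit above: the cursor i is
 * compared against the base h and moved to NULL, rather than decremented,
 * once it sits on the first element, so no pointer below h is ever formed.
 * h and i are caller-supplied names for the loop's temporaries. */
#define STRV_FOREACH_BACKWARDS_SAFE(s, l, h, i)                         \
        for (char * const *h = (l), * const *i = strv_last(h);          \
             (s = i);                                                   \
             i > h ? i-- : (i = NULL))

/* Counts the elements visited; exercises the NULL and empty cases. */
static size_t strv_visit_count(char * const *l) {
        size_t visited = 0;
        char * const *s;
        STRV_FOREACH_BACKWARDS_SAFE(s, l, h_, i_)
                visited++;
        return visited;
}

/* Concatenates the elements of l in reverse order into out (capacity cap,
 * terminator included) and stops before an element that would not fit. */
static size_t strv_reverse_join(char * const *l, char *out, size_t cap) {
        size_t used = 0;
        char * const *s;
        if (cap == 0)
                return 0;
        STRV_FOREACH_BACKWARDS_SAFE(s, l, h_, i_) {
                size_t n = strlen(*s);
                if (used + n + 1 > cap)
                        break;
                memcpy(out + used, *s, n);
                used += n;
        }
        out[used] = '\0';
        return used;
}

/* Constructed sample input for this example (not from the page). */
static char *sample_words[] = { "alpha", "beta", "gamma", NULL };
static char *empty_words[] = { NULL };

/* Joins the sample in reverse into a static buffer, honouring cap, and
 * returns the buffer. */
static const char *reverse_join_sample(size_t cap) {
        static char buf[32];
        if (cap > sizeof buf)
                cap = sizeof buf;
        strv_reverse_join(sample_words, buf, cap);
        return buf;
}

int main(void) {
        printf("visited %zu elements, reversed: %s\n",
               strv_visit_count(sample_words), reverse_join_sample(32));
        return 0;
}
```

The index-free form keeps the macro close to the one in strv.h; the same walk written with a size_t index that runs from `n - 1` down to 0 (stopping before the index would wrap) is the other common way to satisfy the rule, and either is fine as long as `h - 1` is never computed.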
Diffstat (limited to 'src/basic/strv.h')
-rw-r--r-- | src/basic/strv.h | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/basic/strv.h b/src/basic/strv.h index 985499272f..bc76a2861c 100644 --- a/src/basic/strv.h +++ b/src/basic/strv.h @@ -133,8 +133,8 @@ bool strv_overlap(char * const *a, char * const *b) _pure_; size_t _len = strv_length(h); \ _len > 0 ? h + _len - 1 : NULL; \ }); \ - i && (s = i) >= h; \ - i--) + (s = i); \ + i > h ? i-- : (i = NULL)) #define STRV_FOREACH_BACKWARDS(s, l) \ _STRV_FOREACH_BACKWARDS(s, l, UNIQ_T(h, UNIQ), UNIQ_T(i, UNIQ)) |
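Review bot: The post-loop value of `s` changes with this hunk and deserves a note on the macro. The old condition `i && (s = i) >= h` exited with `s` equal to `h - 1`, the very pointer this commit stops forming, whereas the new condition `(s = i)` exits with `s == NULL`, because the step `i > h ? i-- : (i = NULL)` sets `i` to NULL instead of decrementing it below `h`. That is the correct fix, and `i > h` is a well-defined comparison since both pointers lie within the same array, but any caller that inspects `s` after a `STRV_FOREACH_BACKWARDS` that ran to completion now sees NULL rather than a pointer, so a one-line comment above the macro (or a quick look over the existing callers) would make the new contract explicit. The unchanged initializer `_len > 0 ? h + _len - 1 : NULL` is what keeps the empty case safe: with `_len == 0`, `i` starts as NULL, `(s = i)` is false on the first check, and neither `h - 1` nor `*h` is ever touched.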