This patch fixes parameter parsing in iptables-restore since time ago. The
problem has shown up with gcc-4.7. This version of gcc seem to perform more
agressive memory management than previous.
Peter Lekensteyn provided the following sample code similar to the one
in iptables-restore:
int i = 0;
for (;;) {
char x[5];
x[i] = '0' + i;
if (++i == 4) {
x[i] = '\0'; /* terminate string with null byte */
printf("%s\n", x);
break;
}
}
Many may expect 0123 as output. But GCC 4.7 does not do that when compiling
with optimization enabled (-O1 and higher). It instead puts random data in the
first bytes of the character array, which becomes:
| 0 | 1 | 2 | 3 | 4 |
| RANDOM | '3' | '\0' |
Since the array is declared inside the scope of loop's body, you can think of
it as of a new array being allocated in the automatic storage area for each
loop iteration.
The correct code should be:
char x[5];
for (;;) {
x[i] = '0' + i;
if (++i == 4) {
x[i] = '\0'; /* terminate string with null byte */
printf("%s\n", x);
break;
}
}
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
char *curchar;
int quote_open, escaped;
size_t param_len;
+ char param_buffer[1024];
/* reset the newargv */
newargc = 0;
param_len = 0;
for (curchar = parsestart; *curchar; curchar++) {
- char param_buffer[1024];
-
if (quote_open) {
if (escaped) {
param_buffer[param_len++] = *curchar;
char *curchar;
int quote_open, escaped;
size_t param_len;
+ char param_buffer[1024];
/* reset the newargv */
newargc = 0;
param_len = 0;
for (curchar = parsestart; *curchar; curchar++) {
- char param_buffer[1024];
-
if (quote_open) {
if (escaped) {
param_buffer[param_len++] = *curchar;
projects / thirdparty / iptables.git / commitdiff
