[haiku-commits] Re: r41321 - haiku/trunk/src/apps/powerstatus

  • From: John Scipione <jscipione@xxxxxxxxx>
  • To: haiku-commits@xxxxxxxxxxxxx
  • Date: Fri, 6 May 2011 16:03:46 -0400

On Fri, May 6, 2011 at 3:58 PM, Rene Gollent <anevilyak@xxxxxxxxx> wrote:

> On Fri, May 6, 2011 at 3:52 PM, John Scipione <jscipione@xxxxxxxxx> wrote:
> > strcmp as does strncmp with length 1 returns 102 which will evaluate to
> true
> > for non null-terminated (but not blank) string. This is a potential
> security
> > exploit. Okay okay, so, the changes of a non null-terminated string are
> low
> > so maybe I am just being paranoid here but I am kind of surprised that
> this
> > tomfoolery actually worked. I mean, strcmp() isn't suppose to return 102
> > ever, only -1, 0, or 1!
>
> Incorrect, all the standard requires is that the integer be > 0 in one
> case and < 0 in the other, c.f.
> http://pubs.opengroup.org/onlinepubs/009695399/functions/strcmp.html
>
> Regards,
>
> Rene
>
>
Okay you are right, nm, my code won't work anyway because strncmp(str, "",
0) always returns 0. I just thought that the 102 result was strange.

John Scipione

Other related posts: