OpenSolaris

Bug ID 6642281
Synopsis substr() doesn't properly null-terminate
State 10-Fix Delivered (Fix available in build)
Category:Subcategory kernel:dtrace
Keywords
Responsible Engineer Adam Leventhal
Reported Against
Duplicate Of
Introduced In
Commit to Fix snv_88
Fixed In snv_88
Release Fixed solaris_nevada(snv_88)
Related Bugs 6642734, 6642972
Submit Date 15-December-2007
Last Update Date 23-April-2008
Description
[ahl 12.14.2007]

Consider the following script:

tick-1000
{
        i++;
        @[substr((i & 1) ? "Bryan is smart" : "he's not a dummy", 0,
            (i & 1) ? 8 : 18)] = count();
}

Here's the output:

# dtrace -s out.d
dtrace: script 'out.d' matched 1 probe
^C

  Bryan is                                                          2
  Bryan is a dummy                                                436
  he's not a dummy                                                437

Here's the offending code in dtrace.c:

                for (d[0] = '\0'; remaining > 0; remaining--) {
                        if ((d[i++] = dtrace_load8(s++ + index)) == '\0')
                                break;

                        if (i == size) {
                                d[i - 1] = '\0';
                                break;
                        }
                }
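
Added example, not part of the original bug report or the DTrace source: a userland model of the loop above showing why the output contains "Bryan is a dummy", next to one possible correction. load8(), replay() and the reused scratch buffer are constructed stand-ins, and substr_fixed() is an illustration, not the fix delivered in snv_88.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: stand-in for the kernel's dtrace_load8(), a plain byte read. */
static char load8(const char *p) { return *p; }
typedef void (*substr_fn)(char *, size_t, const char *, size_t, size_t);

/* The loop from the report, unchanged apart from load8(). */
static void substr_buggy(char *d, size_t size, const char *s, size_t index, size_t remaining)
{
    size_t i = 0;
    for (d[0] = '\0'; remaining > 0; remaining--) {
        if ((d[i++] = load8(s++ + index)) == '\0')
            break;
        if (i == size) {
            d[i - 1] = '\0';
            break;
        }
    }
    /* If remaining reaches 0 first, d[i] is never written: stale bytes stay. */
}

/* One possible correction: clamp the length, then terminate on every path. */
static void substr_fixed(char *d, size_t size, const char *s, size_t index, size_t remaining)
{
    size_t i;
    if (size == 0)
        return;
    if (remaining > size - 1)
        remaining = size - 1;
    for (i = 0; i < remaining; i++)
        if ((d[i] = load8(s + index + i)) == '\0')
            break;
    d[i] = '\0';
}

/* Constructed scenario: the script's two calls against one reused buffer. */
static const char *replay(substr_fn fn)
{
    static char scratch[32];
    memset(scratch, 0, sizeof (scratch));
    fn(scratch, sizeof (scratch), "he's not a dummy", 0, 18);
    fn(scratch, sizeof (scratch), "Bryan is smart", 0, 8);
    return scratch;
}

int main(void)
{
    printf("buggy: \"%s\"\n", replay(substr_buggy));
    printf("fixed: \"%s\"\n", replay(substr_fixed));
    return 0;
}
```
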

[ bmc, 12/17/07 ]

I would hasten to point out that "he's not a dummy" beat "Bryan is a dummy", albeit
in a down-to-the-wire squeaker.  Thank God for those two "Bryan is" write-ins!
Work Around
N/A
Comments
N/A