Path: utzoo!attcan!telly!lethe!torsqnt!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!elroy.jpl.nasa.gov!ames!ads.com!killer!usenet
From: anders@verity.com (Anders Wallgren)
Newsgroups: comp.sys.mac.programmer
Subject: PLstrcat bug in MPW QR1
Message-ID: <1990Dec21.201408.7360@verity.com>
Date: 21 Dec 90 20:14:08 GMT
Sender: usenet@verity.com (USENET News)
Reply-To: anders@verity.com (Anders Wallgren)
Organization: Verity, Inc., Mountain View, CA
Lines: 16

I think I've found a bug in the PLstrcat routine in the MPW QR1
libraries (on ETO #1): if the second string (the one being concated to
the end of the first one) is zero-length, the routine will trash
memory.

This seems to happen because it subtracts one from the length of the
second string without checking the length for zero first.  Since this
number is then used to control the loop that does the actual copying,
this causes it to concat 255 bytes to the end of the first string,
writing past the end if it already has characters in it.

An easy workaround is to just check the length of the second string
and not make the call if it's zero.


anders