Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!seismo!columbia!tom.columbia.edu!kanevsky
From: kanevsky@tom.columbia.edu (Paul Kanevsky)
Newsgroups: comp.sys.ibm.pc
Subject: Re: MSC 4.0 and the Twilight Zone
Message-ID: <4584@columbia.UUCP>
Date: Mon, 4-May-87 15:06:13 EDT
Article-I.D.: columbia.4584
Posted: Mon May  4 15:06:13 1987
Date-Received: Tue, 5-May-87 02:49:24 EDT
References: <2454@uw-june.UUCP> <2088@hoptoad.uucp>
Sender: nobody@columbia.UUCP
Reply-To: kanevsky@tom.columbia.edu.UUCP (Paul Kanevsky)
Organization: Columbia University CS Department
Lines: 34
Keywords: strdup and strcat

In article <2088@hoptoad.uucp> farren@hoptoad.UUCP (Mike Farren) writes:
>In article <2454@uw-june.UUCP> roper@uw-june.UUCP (Michael Roper) writes:
>>
>>main (argc, argv)
>>int argc;
>>char *argv[];
>>{
>> char  *s;
>>
>> s = strdup (argv[1]);
>> strcat (s, ".U");
>> do_nothing (s);
>>}
>
>Note that you are defining s (and, later, do_nothing_str) as a pointer to
>char, but you are never creating an array that the pointers will point to.

[the rest of the message...]

>hoptoad!farren       Garrison Keillor, "Lake Wobegon Days"


This is not strictly true. In fact, strdup function will allocate space enough
to fit the argument string. The mistake here is in the strcat(s, ".U") which
attempts to add to the end of the allocated space.  Since space was allocated
only to accept the original string, anything added to it will be writing
to the outside memory that might belong to other variables.


                                                 - Paul

Paul Kanevsky
Columbia University, NY
kanevsky@tom.columbia.edu