kernal_liteos_a/lib/libc/musl/src/string/strstr.c中
line 110: k = l-shift[h[l-1]];
The operand has undefined value. l - shift[h[l - 1]];
存在执行路径使得 ,l=0 ,即shift[h[l-1]为不合法操作数;
1、kernal_liteos_a/lib/libc/musl/src/string/strstr.c
line 33:static char *twoway_strstr(const unsigned char *h, const unsigned char *n)
Start Analysis;
2、kernal_liteos_a/lib/libc/musl/src/string/strstr.c
line 41:for (l=0; n[l] && h[l]; l++)
if ( n[l]==0 || h[l]==0 ) Then Take the false branch;
3、kernal_liteos_a/lib/libc/musl/src/string/strstr.c
line 43:if (n[l]) return 0;
n[l]==0 Then Take the false branch;
4、kernal_liteos_a/lib/libc/musl/src/string/strstr.c
line 47:while (jp+k<l) {
jp = 0; k = p = 1; l=0 ;jp + k > l; Take the false branch;
5、kernal_liteos_a/lib/libc/musl/src/string/strstr.c
line 67:while (jp+k<l) {
jp = 0; k = p = 1; l=0 ;jp + k > l; Take the false branch;
6、kernal_liteos_a/lib/libc/musl/src/string/strstr.c
line 82:if (ip+1 > ms+1) ms = ip;
ip = -1;ms = ip;ip + 1 = ms + 1 Take the false branch;
7、kernal_liteos_a/lib/libc/musl/src/string/strstr.c
line 86:if (memcmp(n, n+p, ms+1)) {
Call a function. memcmp(n, n + p, ms + 1);
8、kernal_liteos_a/lib/libc/musl/src/string/strstr.c
line 86:if (memcmp(n, n+p, ms+1)) {
Take the true branch. memcmp(n, n + p, ms + 1);
9、kernal_liteos_a/lib/libc/musl/src/string/strstr.c
line 88:p = MAX(ms, l-ms-1) + 1;
Take the false branch. (ms) < (l - ms - 1);
10、kernal_liteos_a/lib/libc/musl/src/string/strstr.c
line 98:if (z-h < l) {
z = h; z-h = l; Take the false branch;
11、kernal_liteos_a/lib/libc/musl/src/string/strstr.c
line 109:if (BITOP(byteset, h[l-1], &)) {
(byteset)[(size_t)(h[l - 1]) / (8 * sizeof (byteset))] & (size_t)1 << ((size_t)(h[l - 1]) % (8 * sizeof (byteset)));
** Take the true branch. ;
12、kernal_liteos_a/lib/libc/musl/src/string/strstr.c
line 110:k = l-shift[h[l-1]];
l = 0 ; The operand has undefined value. l - shift[h[l - 1]]
kernal_liteos_a/lib/libc/musl/src/string/strstr.c中
line 110: k = l-shift[h[l-1]];
The operand has undefined value. l - shift[h[l - 1]];
存在执行路径使得 ,l=0 ,即shift[h[l-1]为不合法操作数;
经分析该问题为误报。
首先,strstr
在入口已经校验字符串n
长度不为0 :
https://gitee.com/openharmony/third_party_musl/blob/a6919e3f97196587fe623f0cfe0d834857a83628/kernel/src/string/strstr.c#L141
其次,twoway_strstr
在入口也校验了字符串h
长度不小于n
长度,因此l
不会为0。
https://gitee.com/openharmony/third_party_musl/blob/a6919e3f97196587fe623f0cfe0d834857a83628/kernel/src/string/strstr.c#L43
最后, twoway_strstr
为static方法,仅被本文件中的strstr
函数调用,综上,此问题为误报。
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
登录 后才可以发表评论