[Coco] getenv bug in cgfx explanation
Willard Goosey
goosey at virgo.sdc.org
Sat Dec 12 02:14:43 EST 2009
Humm, doing this backwards...
Anyway, the bug in the cgfx7 getenv() is that it does a
shortest-substring match on the request variable name. The easiest
way to demonstrate:
getenv("PALET10") returns the value of PALET1. Indeed,
getenv("PALET75") returns the value of PALET7!
New version fixes that by using a string-compare limited by the length
of the name it's searching for, not the length of the name we're
checking.
I am really amazed that no-one's caught this before.
I am equally befuddled by how best to distribute this.
And I appologize for the tone of my last message. I was... slightly
annoyed... but some food made it much better. :-)
Willard
--
Willard Goosey goosey at sdc.org
Socorro, New Mexico, USA
I search my heart and find Cimmeria, land of Darkness and the Night.
-- R.E. Howard
More information about the Coco
mailing list