tail: avoid theoretically undefined behavior

* src/tail.c (start_lines): Do not form potentially-invalid address. Use safe_read's return value as a pointer offset only after ensuring that it is not SAFE_READ_ERROR (size_t)(-1). Spotted by coverity. Also, move declaration of "p" to be closer to first use.
author: Jim Meyering <meyering@redhat.com> 2011-12-28 18:30:50 +0100
committer: Jim Meyering <meyering@redhat.com> 2011-12-28 18:53:32 +0100
commit: 6e00315bf290310895036fce979a7e0210871b63 (patch)
tree: 1a6f6861b0a7bac8d08dae7d3f72d085d256d2bf /src
parent: 3e7a1473ae41440bd5e8b62f0532ac99a112f7bd (diff)
download: coreutils-6e00315bf290310895036fce979a7e0210871b63.tar.xz
1 files changed, 3 insertions, 2 deletions
diff --git a/src/tail.c b/src/tail.c
index 4581845d1..5d86da2d4 100644
--- a/src/tail.c
+++ b/src/tail.c
@@ -848,9 +848,7 @@ start_lines (const char *pretty_filename, int fd, uintmax_t n_lines,
   while (1)
     {
       char buffer[BUFSIZ];
-      char *p = buffer;
       size_t bytes_read = safe_read (fd, buffer, BUFSIZ);
-      char *buffer_end = buffer + bytes_read;
       if (bytes_read == 0) /* EOF */
         return -1;
       if (bytes_read == SAFE_READ_ERROR) /* error */
@@ -859,8 +857,11 @@ start_lines (const char *pretty_filename, int fd, uintmax_t n_lines,
           return 1;
         }
 
+      char *buffer_end = buffer + bytes_read;
+
       *read_pos += bytes_read;
 
+      char *p = buffer;
       while ((p = memchr (p, '\n', buffer_end - p)))
         {
           ++p;
author	Jim Meyering <meyering@redhat.com>	2011-12-28 18:30:50 +0100
committer	Jim Meyering <meyering@redhat.com>	2011-12-28 18:53:32 +0100
commit	6e00315bf290310895036fce979a7e0210871b63 (patch)
tree	1a6f6861b0a7bac8d08dae7d3f72d085d256d2bf /src
parent	3e7a1473ae41440bd5e8b62f0532ac99a112f7bd (diff)
download	coreutils-6e00315bf290310895036fce979a7e0210871b63.tar.xz