130020 - Prototypes for many PL_str*() functions return |char *|-pointers for data passed as |const char *|

Status: NEW

(NSPR :: NSPR, defect)

Description

[Roland Mainz]

I found a issue in most of the NSPR functions which can lead to hard-to-find
accidental data corruption and other evil issues:
Many of the string functions in NSPR return a |char *| pointer to data which
were passed as |const char *| - which may lead to hidden problems when code will
modify the returned (maybe a string which MUST be treated as |const|).

Example:
PL_strstr() is defined as
-- snip --
PR_EXTERN(char *) PL_strstr(const char *big, const char *little);
-- snip --
I think it may be better to define it as
-- snip --
PR_EXTERN(const char *) PL_strstr(const char *big, const char *little);
-- snip --

Comment 1

[Wan-Teh Chang]

This is a disturbing bug.  Fixing this
is sure to require changes to code using
NSPR.

Comment 2

[BugBot [:suhaib / :marco/ :calixte]]

The bug assignee didn't login in Bugzilla in the last 7 months.
:KaiE, could you have a look please?
For more information, please visit auto_nag documentation.

Comment 3

[Kai Engert [:KaiE:]]

Is this worth fixing?

Comment 4

[Kai Engert [:KaiE:]]

Would be great to get some help on this, probably a nontrivial amount of work triggered by API changes (as predicted by WTC).

Comment 5

[Sylvestre Ledru [:Sylvestre]]

if it has been around for 20 years, probably not...

Comment 6

[BugBot [:suhaib / :marco/ :calixte]]

In the process of migrating remaining bugs to the new severity system, the severity for this bug cannot be automatically determined. Please retriage this bug using the new severity system.

Comment 7

[BugBot [:suhaib / :marco/ :calixte]]

The severity field is not set for this bug.
:KaiE, could you have a look please?

For more information, please visit BugBot documentation.