Our strsep() function is slightly incorrect in that it leaves the
`stringp` pointer pointing to the terminating NUL byte after parsing the
last token. The man page for official implementations says:
> In case no delimiter was found, the token is taken to be the entire
> string *stringp, and *stringp is made NULL.
This doesn't affect things in practice much because we also
(incorrectly) return NULL when called with `**stringp == '\0'`, meaning
the usual pattern of calling `strsep()` in a row without checking
results first still works when there are less tokens than expected,
since we terminate early from that case instead. But it does break the
edge cases where the caller wants to check if there were extra bytes
beyond the last token (`stringp == NULL`), and where we call `strsep()`
on a pointer pointing directly to a terminating NUL byte already
(supposed to return an empty string but our implementation actually
returns NULL). It doesn't look like these edge cases occur anywhere in
current libpayload or depthcharge code.
This patch fixes the issue and also adds a unit test to ensure it
remains correct in the future. (Also move the definition of the `errno`
variable from lib.c into string.c, because `perror()` in string.c is the
only function that actually needs that, and the crazy linker error you
get when only linking one but not the other into a test will waste you
half an hour to figure out.)
Change-Id: I610b5117710c110bcba4fac2a0bb6c13f4f8d046
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/88729
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
8097809c8a