[pacman-dev] [PATCH] Prevent stack overflow on symbolic link access.
Tobias Stöckmann
tobias at stoeckmann.org
Fri Jun 10 05:32:18 UTC 2016
> On June 10, 2016 at 2:38 AM Andrew Gregory <andrew.gregory.8 at gmail.com> wrote:
> strlen doesn't count the terminating NUL, so strlen(x) + 1 is at most
> the size of the array, which by definition has to fit into a size_t.
Then take the typical "len = strlen(a) + strlen(b) + 1" followed by malloc and
snprintf.
And check your typical strlen implementation which would have to be a strnlen
with SIZE_MAX then.
These implementations are not around. For good reasons.
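
The length computation named in this message ("len = strlen(a) + strlen(b) + 1" followed by malloc and snprintf), written with explicit wraparound checks. This is an added example, not part of the original message or of pacman's code; `size_add`, `concat_size` and `concat_checked` are hypothetical names and the path strings are constructed sample input.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: add two sizes, reporting wraparound instead of wrapping. */
static int size_add(size_t x, size_t y, size_t *out)
{
    if (x > SIZE_MAX - y)
        return -1;
    *out = x + y;
    return 0;
}

/* Bytes needed for a + b + NUL, given the two string lengths.
 * Split out so the overflow path can be exercised without huge strings. */
static int concat_size(size_t alen, size_t blen, size_t *out)
{
    size_t sum;
    if (size_add(alen, blen, &sum) != 0)
        return -1;
    return size_add(sum, 1, out);
}

/* Hypothetical wrapper around the strlen + malloc + snprintf pattern.
 * Returns a heap string the caller frees, or NULL on overflow or allocation failure. */
static char *concat_checked(const char *a, const char *b)
{
    size_t len;
    char *buf;

    if (concat_size(strlen(a), strlen(b), &len) != 0)
        return NULL;
    buf = malloc(len);
    if (buf == NULL)
        return NULL;
    snprintf(buf, len, "%s%s", a, b);
    return buf;
}

int main(void)
{
    char *p = concat_checked("/var/lib/", "pacman"); /* constructed sample input */
    if (p != NULL) {
        puts(p);
        free(p);
    }
    return 0;
}
```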