[pacman-dev] [PATCH] Prevent stack overflow on symbolic link access.

Andrew Gregory andrew.gregory.8 at gmail.com
Fri Jun 10 15:34:51 UTC 2016


On 06/10/16 at 07:32am, Tobias Stöckmann wrote:
> 
> > On June 10, 2016 at 2:38 AM Andrew Gregory <andrew.gregory.8 at gmail.com> wrote:
> > strlen doesn't count the terminating NUL, so strlen(x) + 1 is at most
> > the size of the array, which by definition has to fit into a size_t.
> 
> Then take the typical "len = strlen(a) + strlen(b) + 1" followed by malloc and
> snprintf.

Again, yes, that code is technically incorrect unless the programmer
knows it won't overflow.  The fact that code like that does the right
thing 99% of the time is no excuse for it doing the wrong thing 1% of
the time.

> And check your typical strlen implementation which would have to be a strnlen
> with SIZE_MAX then.
> 
> These implementations are not around. For good reasons.

Again, strlen operates on character arrays, the length of which must
fit into a size_t by definition.
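The `len = strlen(a) + strlen(b) + 1` pattern discussed above, written so that the addition is checked before `malloc` and `snprintf` ever see a wrapped value. This is an added illustration for the thread, not code from pacman or from either poster; the function names `concat_len`, `safe_concat` and `length_sum_wraps` are my own. `length_sum_wraps` repeats the same check on caller-supplied lengths so the wrap-around case can be exercised without allocating gigantic strings.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Checked form of "len = strlen(a) + strlen(b) + 1".
 * Stores the total in *out and returns 0, or returns -1 when the sum
 * would exceed SIZE_MAX and wrap around. */
static int concat_len(const char *a, const char *b, size_t *out)
{
    size_t la = strlen(a);
    size_t lb = strlen(b);

    /* la + lb + 1 <= SIZE_MAX  is equivalent to  la <= SIZE_MAX - 1 - lb,
     * with lb == SIZE_MAX guarded separately so the subtraction cannot wrap. */
    if (lb == SIZE_MAX || la > SIZE_MAX - 1 - lb) {
        return -1;
    }
    *out = la + lb + 1;
    return 0;
}

/* Allocates and builds the concatenation a + b.
 * Returns NULL if the length computation would wrap or malloc fails;
 * the caller owns the returned buffer. */
char *safe_concat(const char *a, const char *b)
{
    size_t len;
    if (concat_len(a, b, &len) != 0) {
        return NULL;
    }
    char *buf = malloc(len);
    if (buf == NULL) {
        return NULL;
    }
    /* len is known to hold both strings plus the terminating NUL, so the
     * bound passed to snprintf is exact and nothing is silently truncated. */
    snprintf(buf, len, "%s%s", a, b);
    return buf;
}

/* Same check as concat_len, applied to raw lengths (hypothetical helper):
 * returns 1 when la + lb + 1 would wrap in a size_t, 0 otherwise. */
int length_sum_wraps(size_t la, size_t lb)
{
    return (lb == SIZE_MAX || la > SIZE_MAX - 1 - lb) ? 1 : 0;
}

int main(void)
{
    char *s = safe_concat("lib/", "pacman.so");   /* constructed sample input */
    if (s != NULL) {
        printf("%s\n", s);
        free(s);
    }
    /* The largest lengths that still fit versus the first pair that wraps. */
    printf("wraps: %d %d\n",
           length_sum_wraps(SIZE_MAX - 2, 1),
           length_sum_wraps(SIZE_MAX - 1, 1));
    return 0;
}
```

The branch in `concat_len` is exactly the check the thread says is missing from the "99% of the time" version: with it, a wrapped `len` can never reach `malloc`, so the undersized buffer that `snprintf` would otherwise bound itself to cannot be created in the first place.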
