[pacman-dev] [PATCH] pacman/callback: fix buffer over-read
Andrew Gregory
andrew.gregory.8 at gmail.com
Sat Aug 3 15:55:43 UTC 2019
On 08/03/19 at 01:27am, László Várady wrote:
> Commit 11ab9aa9f5f0f3873df89c73e8715b82f485bd9b replaced a strcpy() call
> with memcpy(), without copying the terminating null character.
>
> Since fname is allocated with malloc(), subsequent strstr() calls will
> overrun the buffer's boundary.
>
> Signed-off-by: László Várady <laszlo.varady93 at gmail.com>
ACK.
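
The failure mode described in the quoted commit message, as an added example that is not part of this thread and is not pacman's code: a length-bounded memcpy() that leaves the destination unterminated lets strstr() match bytes beyond the logical buffer, and writing the terminator stops it. Only fname, memcpy() and strstr() come from the message; the function names, the fixed-size arena standing in for malloc() memory, and the sample strings are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define ARENA 64 /* constructed stand-in for a heap region */

/* Pattern described in the commit message: len bytes copied, no NUL. */
static void copy_unterminated(char *fname, const char *src, size_t len)
{
	memcpy(fname, src, len);
}

/* Corrected pattern: same copy, then terminate explicitly. */
static void copy_terminated(char *fname, const char *src, size_t len)
{
	memcpy(fname, src, len);
	fname[len] = '\0';
}

/* Returns the offset at which strstr() finds needle, or -1 if not found.
 * The logical buffer is arena[0..len]; any offset > len is an over-read. */
static long find_offset(int terminate, const char *src, const char *needle)
{
	char arena[ARENA];
	size_t len = strlen(src), nlen = strlen(needle);
	const char *hit;

	if(len + 1 + nlen >= ARENA) {
		return -2; /* sample input does not fit the demo arena */
	}
	memset(arena, 'X', sizeof(arena));      /* malloc() memory is not zeroed */
	memcpy(arena + len + 1, needle, nlen);  /* neighbouring data past fname */
	arena[ARENA - 1] = '\0';                /* backstop keeps the demo in bounds */

	if(terminate) {
		copy_terminated(arena, src, len);
	} else {
		copy_unterminated(arena, src, len);
	}
	hit = strstr(arena, needle);
	return hit ? (long)(hit - arena) : -1;
}

int main(void)
{
	printf("unterminated: %ld\n", find_offset(0, "core.db", ".sig"));
	printf("terminated:   %ld\n", find_offset(1, "core.db", ".sig"));
	return 0;
}
```

With a real malloc() buffer there is no backstop byte, so the unterminated case is undefined behaviour rather than a predictable offset; AddressSanitizer reports it as a heap-buffer-overflow read inside strstr().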