Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20150808164445.GI14639@brightrain.aerifal.cx>
Date: Sat, 8 Aug 2015 12:44:45 -0400
From: Rich Felker <dalias@...c.org>
To: musl@...ts.openwall.com
Subject: Re: [PATCH] fix failure of tempnam to null-terminate result

On Sat, Aug 08, 2015 at 06:38:52PM +0200, Szabolcs Nagy wrote:
> * Szabolcs Nagy <nsz@...t70.net> [2015-08-08 18:29:19 +0200]:
> > 
> > but in the same function there is a possible overflow issue:
> > 
> > 	dl = strlen(dir);
> > 	pl = strlen(pfx);
> > 	l = dl + 1 + pl + 1 + 6;
> > 
> > if l overflows here then memcpy can overwrite the stack.
> > 
> 
> nevermind.. this cant happen
> 
> (largest string size possible is SIZE_MAX/2-PAGE_SIZE)
> 
> a comment may be useful there though..

Yes, generally we assume actual_size_1 + actual_size_2 + small_const
cannot overflow for exactly this reason.

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.