|
Message-ID: <20150808164445.GI14639@brightrain.aerifal.cx> Date: Sat, 8 Aug 2015 12:44:45 -0400 From: Rich Felker <dalias@...c.org> To: musl@...ts.openwall.com Subject: Re: [PATCH] fix failure of tempnam to null-terminate result On Sat, Aug 08, 2015 at 06:38:52PM +0200, Szabolcs Nagy wrote: > * Szabolcs Nagy <nsz@...t70.net> [2015-08-08 18:29:19 +0200]: > > > > but in the same function there is a possible overflow issue: > > > > dl = strlen(dir); > > pl = strlen(pfx); > > l = dl + 1 + pl + 1 + 6; > > > > if l overflows here then memcpy can overwrite the stack. > > > > nevermind.. this cant happen > > (largest string size possible is SIZE_MAX/2-PAGE_SIZE) > > a comment may be useful there though.. Yes, generally we assume actual_size_1 + actual_size_2 + small_const cannot overflow for exactly this reason. Rich
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.