Date: Sun, 23 Oct 2022 01:46:22 -0400 From: Rich Felker <dalias@...c.org> To: Ismael Luceno <ismael@...ev.co.uk> Cc: musl@...ts.openwall.com Subject: Re: [PATCH] remove strdupa On Sat, Oct 22, 2022 at 03:57:23PM +0200, Ismael Luceno wrote: > There's no portable way to implement strdupa without double evaluation > of it's parameter, and it's use leads to vulnerabilities, since there's > no chance to check for stack overruns. > > Signed-off-by: Ismael Luceno <ismael@...ev.co.uk> > --- > include/string.h | 1 - > 1 file changed, 1 deletion(-) > > diff --git a/include/string.h b/include/string.h > index 43ad0942edd5..65fe0d503004 100644 > --- a/include/string.h > +++ b/include/string.h > @@ -88,7 +88,6 @@ void explicit_bzero (void *, size_t); > #endif > > #ifdef _GNU_SOURCE > -#define strdupa(x) strcpy(alloca(strlen(x)+1),x) > int strverscmp (const char *, const char *); > char *strchrnul(const char *, int); > char *strcasestr(const char *, const char *); > -- > 2.38.1 Does anyone have strong opinions one way or the other on this -- especially distro folks who'd need to deal with the fallout? Rich
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.