[commit] objc-lang.c: avoid string overrun
Michael Snyder
msnyder@vmware.com
Mon Feb 28 18:27:00 GMT 2011
Pedro Alves wrote:
> On Monday 28 February 2011 02:15:47, Michael Snyder wrote:
>> {
>> - strcpy(myregexp, regexp);
>> + strncpy(myregexp, regexp, sizeof (myregexp) - 1);
>
> Such fixes ain't that much better. At the bare least, you'd
> need to null terminate the result, as strncpy does not do that
> for you if REGEXP is large enough --- strncpy was not
> designed as a safe strcpy. And then proceeding as if nothing
> happened when `myregexp' isn't large enough is just b0rked.
>
>> if (myregexp[strlen(myregexp) - 1] == '$') /* end of selector */
>> myregexp[strlen(myregexp) - 1] = ']'; /* end of method name */
>
Yes, Jan provided a more complete fix.
More information about the Gdb-patches
mailing list