[klibc] [PATCH 0/2] Correct various strndup() problems
Romain Izard
romain.izard.pro at gmail.com
Fri Jun 24 02:01:08 PDT 2011
The current implementation of strndup() has some shortcomings that can
lead to a fatal error.

- If we pass a maximum string length larger than the copied length, we
  will corrupt some data beyond the end of the newly allocated buffer.
- The maximum length does not prevent access to memory beyond the
  maximum length, which can lead to unexpected errors with strings not
  terminated by 0.

Romain Izard (2):
  strndup(): Fix out of bounds read access
  strndup(): Do not corrupt the memory pool

 usr/klibc/strndup.c | 7 +++----
 1 files changed, 3 insertions(+), 4 deletions(-)
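
The two failure modes described in the cover letter above, as an added C illustration that is not part of the original post and is not the klibc patch itself. `flawed_strndup` is a constructed variant exhibiting both problems and is never called; `safe_strndup` bounds the scan by the maximum length and writes the terminator at the copied length. All function names and the sample inputs are assumptions made for this example.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed variant with both flaws from the cover letter (illustrative,
 * not klibc's code). Shown for comparison only; never called below. */
char *flawed_strndup(const char *s, size_t n)
{
    size_t l = n > strlen(s) ? strlen(s) + 1 : n + 1; /* strlen() ignores n */
    char *d = malloc(l);
    if (d) {
        memcpy(d, s, l);
        d[n] = '\0'; /* past the allocation when n > strlen(s) */
    }
    return d;
}

/* Hardened form: reads at most n bytes of s, allocates copied length + 1. */
char *safe_strndup(const char *s, size_t n)
{
    size_t len = 0;
    char *d;
    while (len < n && s[len] != '\0') /* never touches s[n] or beyond */
        len++;
    d = malloc(len + 1);
    if (!d)
        return NULL;
    memcpy(d, s, len);
    d[len] = '\0'; /* terminator goes at the copied length, not at n */
    return d;
}

/* Constructed sample: four bytes with no terminating 0 anywhere. */
const char raw_sample[4] = { 'a', 'b', 'c', 'd' };

/* Returns 1 when safe_strndup(s, n) yields exactly `want`. */
int copy_matches(const char *s, size_t n, const char *want)
{
    char *d = safe_strndup(s, n);
    int ok = d && strcmp(d, want) == 0;
    free(d);
    return ok;
}

int main(void)
{
    /* Exit status 0 when both cases from the cover letter are handled. */
    return !(copy_matches(raw_sample, sizeof raw_sample, "abcd") &&
             copy_matches("hi", 1000, "hi"));
}
```

Building with `-fsanitize=address` makes the difference observable: the hardened function runs clean on both inputs, which is the property the two patches in the series are aiming for.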