[klibc] [PATCH 0/2] Correct various strndup() problems

Romain Izard romain.izard.pro at gmail.com
Fri Jun 24 02:01:08 PDT 2011

The current implementation of strndup() has some shortcomings that can
lead to a fatal error.

 - If we pass a maximum string length larger than the copied length, we
   will corrupt some data beyond the end of the newly allocated buffer.

 - The maximum length does not prevent access to memory beyond the
   maximum length, which can lead to unexpectd errors with strings not
   terminated by 0.

Romain Izard (2):
  strndup(): Fix out of bounds read access
  strndup(): Do not corrupt the memory pool

 usr/klibc/strndup.c |    7 +++----
 1 files changed, 3 insertions(+), 4 deletions(-)

More information about the klibc mailing list