[klibc] [PATCH 0/2] Correct various strndup() problems

H. Peter Anvin hpa at zytor.com
Fri Jun 24 14:46:58 PDT 2011


On 06/24/2011 02:01 AM, Romain Izard wrote:
> The current implementation of strndup() has some shortcomings that can
> lead to a fatal error.
> 
>  - If we pass a maximum string length larger than the copied length, we
>    will corrupt some data beyond the end of the newly allocated buffer.
> 
>  - The maximum length does not prevent access to memory beyond the
>    maximum length, which can lead to unexpected errors with strings not
>    terminated by 0.
> 
> Romain Izard (2):
>   strndup(): Fix out of bounds read access
>   strndup(): Do not corrupt the memory pool
> 
>  usr/klibc/strndup.c |    7 +++----
>  1 files changed, 3 insertions(+), 4 deletions(-)
> 

Looks great, thanks!

	-hpa
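The two failure modes listed in the cover letter, shown as a defensive implementation that avoids both. This is an added example, not the klibc source and not the patch under discussion; `example_strndup`, `bounded_len` and `run_cases` are hypothetical names and the inputs are constructed.

```c
#include <stdlib.h>
#include <string.h>

/* Length of s, examining at most n bytes: an unterminated n-byte
 * buffer is never read past its end (the out-of-bounds read case). */
static size_t bounded_len(const char *s, size_t n)
{
    size_t len = 0;
    while (len < n && s[len] != '\0')
        len++;
    return len;
}

/* Hypothetical name, not the klibc function. */
char *example_strndup(const char *s, size_t n)
{
    size_t len = bounded_len(s, n);  /* min(string length, n) */
    char *d = malloc(len + 1);       /* sized from the copied length */
    if (!d)
        return NULL;
    memcpy(d, s, len);
    d[len] = '\0';  /* terminator at index len; writing at index n would
                       land outside the buffer whenever n > len */
    return d;
}

/* Constructed inputs; returns the number of failed cases. */
int run_cases(void)
{
    const char raw[4] = { 'w', 'x', 'y', 'z' };  /* no terminating 0 */
    int failed = 0;
    char *a = example_strndup("abc", 1000);      /* n larger than the string */
    char *b = example_strndup(raw, sizeof raw);  /* unterminated source */
    char *c = example_strndup("abcdef", 2);      /* ordinary truncation */

    failed += !(a && strcmp(a, "abc") == 0);
    failed += !(b && strcmp(b, "wxyz") == 0);
    failed += !(c && strcmp(c, "ab") == 0);
    free(a); free(b); free(c);
    return failed;
}

int main(void)
{
    return run_cases();
}
```

Building this with AddressSanitizer (`-fsanitize=address`) and running it is a quick way to confirm that neither the oversized `n` nor the unterminated source triggers an out-of-bounds access.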


