Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

gskit: make sure to terminate version string #3105

Closed

Conversation

danielgustafsson
Copy link
Member

In case a very small buffer was passed to the version function, it could result in the buffer not being NULL-terminated since strncpy() doesn't guarantee a terminator on an overflowed buffer. Rather than adding code to terminate (and handle zero-sized buffers), move to using snprintf() instead like all the other vtls backends.

In case a very small buffer was passed to the version function, it could
result in the buffer not being NULL-terminated since strncpy() doesn't
guarantee a terminator on an overflowed buffer. Rather than adding code
to terminate (and handle zero-sized buffers), move to using snprintf()
instead like all the other vtls backends.
Copy link
Member

@bagder bagder left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch. strncpy should only be used with extreme caution!

@lock lock bot locked as resolved and limited conversation to collaborators Jan 5, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants