• Davi Arnaut's avatar
    Bug#48983: Bad strmake calls (length one too long) · b9380f0e
    Davi Arnaut authored
    The problem is a somewhat common misusage of the strmake function.
    The strmake(dst, src, len) function writes at most /len/ bytes to
    the string pointed to by src, not including the trailing null byte.
    Hence, if /len/ is the exact length of the destination buffer, a
    one byte buffer overflow can occur if the length of the source
    string is equal to or greater than /len/.
    b9380f0e
listener.cc 10.9 KB