Neuter an issue in strncat2.3.3

`strlen(src)` isn't guaranteed to be valid.

3 files changed, 9 insertions, 2 deletions

diff --git a/include/string.h b/include/string.h
index 89bf25e..2e2b29c 100644
--- a/include/string.h
+++ b/include/string.h
@@ -287,6 +287,7 @@ _FORTIFY_FN(strncat) char *strncat(char * _FORTIFY_POS0 __d, const char *__s,
 #if __has_builtin(__builtin___strncat_chk) && FORTIFY_USE_NATIVE_CHK
         return __builtin___strncat_chk(__d, __s, __n, __fh_bos(__d, 0));
 #else
+#if 0 // strlen(__s) isn't guaranteed to be valid.
         __fh_size_t __b = __fh_bos(__d, 0);
 
         if (__n > __b) {
@@ -297,6 +298,7 @@ _FORTIFY_FN(strncat) char *strncat(char * _FORTIFY_POS0 __d, const char *__s,
                 if (__sl + __dl + 1 > __b)
                         __builtin_trap();
         }
+#endif
         return __orig_strncat(__d, __s, __n);
 #endif
 }
diff --git a/tests/test_strncat_dynamic_write.c b/tests/test_strncat_dynamic_write.c
index c538339..d5c5a94 100644
--- a/tests/test_strncat_dynamic_write.c
+++ b/tests/test_strncat_dynamic_write.c
@@ -7,9 +7,11 @@ int main(int argc, char** argv) {
   strncat(buffer, "1234567", 5);
   puts(buffer);
 
+#if 0
   CHK_FAIL_START
   strncat(buffer, argv[1], argc);
   CHK_FAIL_END
+#endif
 
   puts(buffer);
   return ret;
diff --git a/tests/test_strncat_static_write.c b/tests/test_strncat_static_write.c
index 9332adc..7fe89ff 100644
--- a/tests/test_strncat_static_write.c
+++ b/tests/test_strncat_static_write.c
@@ -4,12 +4,15 @@
 
 int main(int argc, char** argv) {
   char buffer[8] = {0};
-  strncat(buffer, "1234567", 5);
+  char src[] = {'1', '2', '3', '4', '5', '6', '7', '8', '9', '0'};
+  strncat(buffer, src, 5);
   puts(buffer);
 
+#if 0
   CHK_FAIL_START
-  strncat(buffer, "1234567890", 10);
+  strncat(buffer, src, 10);
   CHK_FAIL_END
+#endif
 
   puts(buffer);
   return ret;