| author | jvoisin | 2026-05-01 00:36:32 +0200 |
|---|---|---|
| committer | jvoisin | 2026-05-01 00:44:53 +0200 |
| commit | ddd22b2f533db9c0da0bb262fbafa51f67c8587e (patch) | |
| tree | d319dab03de20929f95ccf7f9bec8c428ab6a66b /include/string.h | |
| parent | d6105aba5fd791e8d3f069e771517cdb947b5604 (diff) | |
Fix strncat/wcsncat
Previously, no checks were done when __n <= __b, but strncat _appends_ after
existing content, making this an overly broad check. For example, with an
8-byte buffer containing "12345\0", strncat(buf, "ABCD", 4) would have the
check skipped, but the result "12345ABCD\0" is 10 bytes, resulting in an
overflow.
This commit fixes this oversight, and adds a bunch of tests.
Diffstat (limited to 'include/string.h')
| -rw-r--r-- | include/string.h | 14 |
1 files changed, 6 insertions, 8 deletions
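--- a/include/string.h
+++ b/include/string.h
@@ -140,14 +140,12 @@ _FORTIFY_FN(strncat) char *strncat(char * _FORTIFY_POS0 __d, const char *__s,
 size_t __b = __bos(__d, 0);
 size_t __sl, __dl;
 
-if (__n > __b) {
-__sl = strlen(__s);
-__dl = strlen(__d);
-if (__sl > __n)
-__sl = __n;
-if (__sl + __dl + 1 > __b)
-__builtin_trap();
-}
+__sl = strlen(__s);
+__dl = strlen(__d);
+if (__sl > __n)
+__sl = __n;
+if (__sl + __dl + 1 > __b)
+__builtin_trap();
 return __orig_strncat(__d, __s, __n);
 }
 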
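Review bot: The now-unconditional `__sl = strlen(__s);` at new line 143 can read past the end of a source array that is valid for strncat, because the standard lets `__s` lack a terminating NUL as long as it holds at least `__n` characters. Before this commit that read only happened under `__n > __b`; after it, every fortified call scans the source to its terminator, so the wrapper itself can over-read on a conforming caller. Bounding the scan removes both the over-read and the separate clamp: replace new lines 143 and 145-146 with `__sl = strnlen(__s, __n);`, provided strnlen is declared at this point in the header (it depends on feature-test macros not visible in this hunk). It would also be worth a comment above the check stating that `__b` is the size of the whole destination object, so the trap condition is `__sl + __dl + 1 > __b`. The parameter list of strncat continues outside the hunk.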
