diff options
| author | jvoisin | 2026-05-01 00:36:32 +0200 |
|---|---|---|
| committer | jvoisin | 2026-05-01 00:44:53 +0200 |
| commit | ddd22b2f533db9c0da0bb262fbafa51f67c8587e (patch) | |
| tree | d319dab03de20929f95ccf7f9bec8c428ab6a66b /tests/test_strncat_static_write.c | |
| parent | d6105aba5fd791e8d3f069e771517cdb947b5604 (diff) | |
Fix strncat/wcsncat
Previously, no checks were done when __n <= __b, but strncat _appends_ after
existing content, making this a overly broad check check. For example, with an
8-byte buffer containing "12345\0", strncat(buf, "ABCD", 4) would have the
check skipped, but the result "12345ABCD\0" is 10 bytes, resulting in an
overflow.
This commit fixes this oversight, and adds a bunch of tests.
Diffstat (limited to 'tests/test_strncat_static_write.c')
| -rw-r--r-- | tests/test_strncat_static_write.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/tests/test_strncat_static_write.c b/tests/test_strncat_static_write.c index 7fe89ff..53d1532 100644 --- a/tests/test_strncat_static_write.c +++ b/tests/test_strncat_static_write.c | |||
| @@ -4,15 +4,15 @@ | |||
| 4 | 4 | ||
| 5 | int main(int argc, char** argv) { | 5 | int main(int argc, char** argv) { |
| 6 | char buffer[8] = {0}; | 6 | char buffer[8] = {0}; |
| 7 | char src[] = {'1', '2', '3', '4', '5', '6', '7', '8', '9', '0'}; | 7 | strncat(buffer, "12345", 5); |
| 8 | strncat(buffer, src, 5); | ||
| 9 | puts(buffer); | 8 | puts(buffer); |
| 10 | 9 | ||
| 11 | #if 0 | 10 | /* n=4 is less than buffer size (8), but buffer already has 5 chars, |
| 11 | * so appending 4 more + NUL = 10 bytes total, overflowing the buffer. | ||
| 12 | */ | ||
| 12 | CHK_FAIL_START | 13 | CHK_FAIL_START |
| 13 | strncat(buffer, src, 10); | 14 | strncat(buffer, "ABCD", 4); |
| 14 | CHK_FAIL_END | 15 | CHK_FAIL_END |
| 15 | #endif | ||
| 16 | 16 | ||
| 17 | puts(buffer); | 17 | puts(buffer); |
| 18 | return ret; | 18 | return ret; |