diff options
| author | jvoisin | 2026-05-01 00:36:32 +0200 |
|---|---|---|
| committer | jvoisin | 2026-05-01 00:44:53 +0200 |
| commit | ddd22b2f533db9c0da0bb262fbafa51f67c8587e (patch) | |
| tree | d319dab03de20929f95ccf7f9bec8c428ab6a66b /tests/test_wcsnrtombs_dynamic.c | |
| parent | d6105aba5fd791e8d3f069e771517cdb947b5604 (diff) | |
Fix strncat/wcsncat
Previously, no checks were done when __n <= __b, but strncat _appends_ after
existing content, making this a overly broad check check. For example, with an
8-byte buffer containing "12345\0", strncat(buf, "ABCD", 4) would have the
check skipped, but the result "12345ABCD\0" is 10 bytes, resulting in an
overflow.
This commit fixes this oversight, and adds a bunch of tests.
Diffstat (limited to 'tests/test_wcsnrtombs_dynamic.c')
| -rw-r--r-- | tests/test_wcsnrtombs_dynamic.c | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/tests/test_wcsnrtombs_dynamic.c b/tests/test_wcsnrtombs_dynamic.c index 808c9c8..28b03bf 100644 --- a/tests/test_wcsnrtombs_dynamic.c +++ b/tests/test_wcsnrtombs_dynamic.c | |||
| @@ -14,9 +14,7 @@ int main(int argc, char** argv) { | |||
| 14 | srcp = src; | 14 | srcp = src; |
| 15 | wcsnrtombs(buffer, &srcp, 4, 4, &st); | 15 | wcsnrtombs(buffer, &srcp, 4, 4, &st); |
| 16 | 16 | ||
| 17 | /* Unsafe: ask to write argc (10) bytes into 8-byte buffer. | 17 | /* Unsafe: ask to write argc (10) bytes into 8-byte buffer. */ |
| 18 | * Before the fix, the first branch incorrectly divided the byte-sized | ||
| 19 | * buffer capacity by sizeof(wchar_t), making the check too permissive. */ | ||
| 20 | CHK_FAIL_START | 18 | CHK_FAIL_START |
| 21 | srcp = src; | 19 | srcp = src; |
| 22 | memset(&st, 0, sizeof(st)); | 20 | memset(&st, 0, sizeof(st)); |