| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 22 hours | Fix strncat/wcsncat | jvoisin | |
| Previously, no checks were done when __n <= __b, but strncat _appends_ after existing content, making this a overly broad check check. For example, with an 8-byte buffer containing "12345\0", strncat(buf, "ABCD", 4) would have the check skipped, but the result "12345ABCD\0" is 10 bytes, resulting in an overflow. This commit fixes this oversight, and adds a bunch of tests. | |||
| 29 hours | Fix a bug in wcsnrtombs | jvoisin | |
| __d is a char * destination buffer, so __b is already the byte capacity. Dividing by sizeof(wchar_t) makes no sense here, it was likely copy-pasted from mbsnrtowcs (where the destination is wchar_t *). The first branch also fails to limit __n (the byte write cap) to __b, so overflows are possible when a wide character produces multi-byte output. The second branch (else) correctly limits __n to __b. This commit replaces the broken two-branch logic with the simple correct pattern matching wcsrtombs, and adds two tests two prove that nothing broke. | |||
 |
index : fortify-headers | |
| Standalone portable header-based implementation of FORTIFY_SOURCE=3 |
| summaryrefslogtreecommitdiff |