From e2cfd2879a15db00dfa9a42eeb1baaef6a930aff Mon Sep 17 00:00:00 2001 From: jvoisin Date: Thu, 10 Oct 2024 15:50:40 +0200 Subject: Fix a crash in strncpy/stpncpy ``` Core was generated by `scripts/mod/modpost -M -m -o Module.symvers -n -T modules.order vmlinux.o'. Program terminated with signal SIGSEGV, Segmentation fault. warning: 17 src/string/strlen.c: No such file or directory (gdb) bt ``` > I think strncpy logic is broken: `__fh_size_t max_len_s = strlen(__s);` may try read past `size_t __n`. > Create a buf without any trailing `\0`, do `strncpy(dest, buf, sizeof(buf));`, it should work, since `strncpy` will stop at `sizeof buf` > but the current fority-headers implementation will do `strlen(buf)`, which will go boom when it is not terminated with \0 Reported-by: ncopa
---
 tests/test_stpncpy_dynamic_write.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tests/test_stpncpy_dynamic_write.c')
diff --git a/tests/test_stpncpy_dynamic_write.c b/tests/test_stpncpy_dynamic_write.c
index 14f6fd9..d315ee8 100644
--- a/tests/test_stpncpy_dynamic_write.c
+++ b/tests/test_stpncpy_dynamic_write.c
@@ -3,7 +3,7 @@
 #include
 int main(int argc, char** argv) {
- char buffer[] = {'A', 'B', 'C', 'D', 'E', 'F', '\0'};
+ char buffer[] = {'A', 'B', 'C', 'D', 'E', 'F'};
 stpncpy(buffer, "1234567", 3);
 puts(buffer);
--
cgit v1.3
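Review bot: With the terminator removed from the initializer, the unchanged `puts(buffer);` now reads past the end of the six-byte array, because `stpncpy(buffer, "1234567", 3)` writes exactly three bytes and appends no NUL when the source is longer than the count. The non-failing half of this fortify test then depends on whatever bytes follow `buffer` on the stack, and is likely to be flagged when the suite runs under a memory sanitizer. A bounded print keeps the unterminated buffer, for example `printf("%.*s\n", (int)sizeof(buffer), buffer);` in place of `puts(buffer);`. The crash in the commit message concerns an unterminated source (`strlen(__s)`), whereas the source here is still a string literal, so this test may not exercise that path; `main` continues outside the hunk and the header fix itself is not part of this view.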