This is the mail archive of the mailing list for the glibc project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Possible bug in fortified stpncpy

On 09 Aug 2015 10:19, Zack Weinberg wrote:
> On 08/08/2015 11:32 PM, Mike Frysinger wrote:
> > On 08 Aug 2015 17:06, Zack Weinberg wrote:
> >> [stpncpy] should call the runtime-checking function
> >> if __n is not constant, or if __n is known to be LARGER
> >> than the size of the destination.  Ne?
> > 
> > agreed.  feel like sending a patch ? :)
> Patch is attached.  In addition to the actual two-character bugfix, I
> enhanced debug/tst-chk1.c to catch this and similar bugs.

looks fine to me.  if no one else has feedback i'll push it in a bit.

> I suspect this needs to get backported as widely as possible.

i don't see why.  it's simply expanding checking coverage, not fixing a
function call that actively exploits things.  it's also a fix to the API
so any code that wants to take advantage of it needs to be recompiled.

i would cherry pick to 2.22 because that was just branched, but that's it.

Attachment: signature.asc
Description: Digital signature

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]