[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[screen-devel] [bug #66147] screen crashes in attacher.c:465 when compil
From: |
anonymous |
Subject: |
[screen-devel] [bug #66147] screen crashes in attacher.c:465 when compiled with FORTIFY_SOURCE=3 |
Date: |
Thu, 5 Sep 2024 16:27:32 -0400 (EDT) |
Follow-up Comment #3, bug #66147 (group screen):
Good point! As you mentioned, the ARRAY_SIZE macro will try to find the size
of the pointer to the array of unknown length, and will devolve to simply the
size of the pointer over the size of a char (8/1).
Upon further examination, the code change I suggested is simply limiting the
copy to 7 characters, which fixes the contrived test case of "screen -S test
-X stuff "ls" but does not allow strings larger than 7 now...
I can confirm that your suggestion of using strcpy instead of strncpy seems to
make the runtime buffer overflow go away, but may be undermining the point of
using FORTIFY_SOURCE=3, but I confess I'm not an expert in FORTIFY_SOURCE.
-Al C.
_______________________________________________________
Reply to this item at:
<https://savannah.gnu.org/bugs/?66147>
_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/
signature.asc
Description: PGP signature