You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The code uses strcpy to write data in an error buffer passed at runtime, but there is no way for the caller to know the buffer size that will be needed.
Using this feature is thus insecure, even if it can be worked around by using absurdly large buffers.
The strncpy function would require C99, same for memcpy. I do not know if C98 have any way of doing this safely.
The text was updated successfully, but these errors were encountered:
The code uses
strcpy
to write data in an error buffer passed at runtime, but there is no way for the caller to know the buffer size that will be needed.Using this feature is thus insecure, even if it can be worked around by using absurdly large buffers.
The
strncpy
function would require C99, same formemcpy
. I do not know if C98 have any way of doing this safely.The text was updated successfully, but these errors were encountered: