Skip to content
This repository has been archived by the owner on Jul 4, 2023. It is now read-only.

LLVM: Buffer Copy without Checking Size of Input (CWE-120) #5

Closed
mmaraya opened this issue Dec 12, 2015 · 0 comments
Closed

LLVM: Buffer Copy without Checking Size of Input (CWE-120) #5

mmaraya opened this issue Dec 12, 2015 · 0 comments
Assignees
@mmaraya
Labels
bug security

Comments

@mmaraya
Copy link
Owner

mmaraya commented Dec 12, 2015 

cmds.c:1838:24: warning: the value of the size argument in 'strncat' is too large, might lead to a buffer overflow [-Wstrncat-size]
                        strncat(buf, *argv, sizeof(buf)-strlen(buf));
                                            ^~~~~~~~~~~~~~~~~~~~~~~
cmds.c:1838:24: note: change the argument to be the free space in the destination buffer minus the terminating null byte
                        strncat(buf, *argv, sizeof(buf)-strlen(buf));
                                            ^~~~~~~~~~~~~~~~~~~~~~~
                                            sizeof(buf) - strlen(buf) - 1
@mmaraya mmaraya self-assigned this Dec 12, 2015
@mmaraya mmaraya removed their assignment Jan 2, 2016
@mmaraya mmaraya self-assigned this Jan 15, 2016
@mmaraya mmaraya changed the title cmds.c:1838: size argument in 'strncat' is too large cmds.c:1838: size argument in 'strncat' is too large (CWE-120) Feb 13, 2016
@mmaraya mmaraya changed the title cmds.c:1838: size argument in 'strncat' is too large (CWE-120) LLVM: Buffer Copy without Checking Size of Input (CWE-120) Feb 29, 2016
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@mmaraya mmaraya

Labels
bug security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@mmaraya