Eygene Ryabinkin <rea-git@xxxxxxxxxxx> writes:

> Me again ;))
>
> Spotted another memory overrun in the http-push.c. In principle,
> it is the read-only overrun, but it provokes the coredump on my
> system. The problem is that strlcpy(dst, src, size) returns the
> length of the 'src' and demands it to be NULL-terminated (see
> 'man strlcpy' and http://www.gratisoft.us/todd/papers/strlcpy.html).
> It is not the case for the xml_cdata and possibly other places. So
> I've just replaced strlcpy with memcpy + zero termination all over
> the http-push.c. The patch is below.

Please check Documentation/SubmittingPatches.

Use of strlcpy() in general _is_ stupid if you are computing how much space is needed, allocating that much as your own buffer and then copying. strlcpy() needs to say how much it would have copied if it were given a large enough buffer, and it needs to be able to run strlen(src), so it is not valid to give a buffer that may not be NUL-terminated as you say.
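The overread discussed in this message, as an added example that is not code from git or from either poster. `demo_strlcpy`, `copy_chunk`, `bytes_scanned_past_chunk` and the sample buffer are hypothetical names and constructed data; `demo_strlcpy` re-implements the documented strlcpy() contract so the example builds where libc does not provide it.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample: a parser hands us a pointer into a larger buffer plus
 * a length; the chunk itself ("refs/heads/master") is not NUL-terminated. */
static const char SAMPLE[] = "refs/heads/master</D:href>";
#define CHUNK_LEN 17

/* strlcpy() contract: copy at most size-1 bytes, terminate, return strlen(src). */
static size_t demo_strlcpy(char *dst, const char *src, size_t size)
{
    size_t srclen = strlen(src);    /* walks src until it finds a NUL */
    if (size) {
        size_t n = srclen < size - 1 ? srclen : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Bytes beyond the chunk that strlcpy had to read to compute its return
 * value. Here the enclosing buffer is NUL-terminated, so the scan is safe;
 * without that NUL it would run off the end of the allocation. */
static size_t bytes_scanned_past_chunk(const char *s, size_t len)
{
    char *dst = malloc(len + 1);
    size_t ret;
    if (!dst)
        return 0;
    ret = demo_strlcpy(dst, s, len + 1);
    free(dst);
    return ret > len ? ret - len : 0;
}

/* memcpy + explicit termination: reads exactly len bytes of the source. */
static char *copy_chunk(const char *s, size_t len)
{
    char *out = malloc(len + 1);
    if (!out)
        return NULL;
    memcpy(out, s, len);
    out[len] = '\0';
    return out;
}

int main(void)
{
    char *c = copy_chunk(SAMPLE, CHUNK_LEN);
    printf("strlcpy scanned %zu bytes past the chunk\n",
           bytes_scanned_past_chunk(SAMPLE, CHUNK_LEN));
    printf("bounded copy: %s\n", c ? c : "(alloc failed)");
    free(c);
    return 0;
}
```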