Junio, good day! > > Spotted another memory overrun in the http-push.c. In principle, > > it is the read-only overrun, but it provokes the coredump on my > > system. The problem is that strlcpy(dst, src, size) returns the > > length of the 'src' and demands it to be NULL-terminated (see > > 'man strlcpy' and http://www.gratisoft.us/todd/papers/strlcpy.html). > > It is not the case for the xml_cdata and possibly other places. So > > I've just replaced strlcpy with memcpy + zero termination all over > > the http-push.c. The patch is below. > > Please check Documentation/SubmittingPatches. Thanks, just read and enlightened. > Use of strlcpy() in general _is_ stupid if you are computing how > much space is needed, allocating that much as your own buffer > and then copying. strlcpy() needs to say how much it would have > copied if it were given large enough buffer, and it needs to be > able to run strlen(src), so it is not valid to give a buffer > that may not be NUL-terminated as you say. Yes, you're perfectly right: the strncpy, bcopy or memcpy + zero-termination are preferrable in this situation. -- Eygene - To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html