Josh Triplett <josh@xxxxxxxxxxxxxxx> writes: > Daniel Barkalow wrote: > ... >> Good catch. Replacing the memcpy with strncpy solves this, right? >> (Potentially allocating a bit of extra memory if someone is actually using >> it on too short a string for some reason, of course). > > That would work, but it seems bad to allocate excess memory. How about just > using strlen and setting len to that if shorter, before doing the xmalloc and > memcpy? Yes, that makes two passes over the string, but I don't see any way > around that. Hand-rolling strnlen() would be needed anyway, because there is no guarantee that the incoming string is NUL terminated. In the worst case the string may point at a region of memory filled with non-NUL to the end, which coincides with a page boundary, and the next page may be an unmapped one; your strlen() would sigbus. - To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html