Hi Pablo,
On 18/02/21 1:00 am, Pablo Neira Ayuso wrote:
Hi Maya,
On Wed, Feb 17, 2021 at 10:45:45PM +0200, Maya Rashish wrote:
Our string isn't NUL-terminated. To avoid reading past
the last character, use strndup.
Is this a theoretical problem or some static analisys tool is
reporting out-of-bound memread?
As background, I had a difficult to diagnose stack corruption
with a patched older version. I was hoping it'd just show up
by running the tests with address sanitizer (I edited the
Makefiles to add CFLAGS=-fsanitize=address and LDFLAGS=-lasan
after configure) but it didn't.
Address sanitizer usually reports actual problems, it runs the
actual code with some elaborate memory map tricks that lets it
detect violations.
But might as well make the tests all run without complaints
from address sanitizer while I am doing this.
