Two instances of the following could be found in msgparse.c:
memset(outbuf, sizeof(outbuf), 0);
The latest gcc compiler warnings correctly point out that the arguments are reversed:
msgparse.c:868:5: warning: ‘memset’ used with constant zero length parameter; this could be due to transposed parameters [-Wmemset-transposed-args]
memset(outbuf, sizeof(outbuf), 0);
^
msgparse.c: In function ‘do_parse_mesg_2’:
msgparse.c:1200:31: warning: ‘memset’ used with constant zero length parameter; this could be due to transposed parameters [-Wmemset-transposed-args]
/* *outbuf = '\0'; */ memset(outbuf, sizeof(outbuf), 0);
Ignoring that sizeof(outbuf) decays into the size of a character (not an array), this is not the correct ordering of arguments if the goal is to overwrite outbuf with 0-bytes.
SYNOPSIS
#include \<string.h\>
void *memset(void *s, int c, size_t n);
DESCRIPTION
The memset() function fills the first n bytes of the memory area pointed to by s with the constant byte c.
Two instances of the following could be found in msgparse.c:
memset(outbuf, sizeof(outbuf), 0);The latest gcc compiler warnings correctly point out that the arguments are reversed:
Ignoring that sizeof(outbuf) decays into the size of a character (not an array), this is not the correct ordering of arguments if the goal is to overwrite outbuf with 0-bytes.