awakesecurity / gRPC-haskell

Haskell gRPC support
https://hackage.haskell.org/package/grpc-haskell
Apache License 2.0

Add 1 to malloc'd buffer size for null terminator #128

Closed Friede80 closed 3 years ago

Friede80 commented 3 years ago

strlen returns the index of the null terminator of the string, so mallocing that many bytes will be 1 less than needed to copy the string. The subsequent strcpy will overflow the buffer when copying the null terminator.

Unfortunately, I am still unable to run the package test suite to truly verify this change, but it does now compile for me without the nebulous gcc warnings.
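The off-by-one described above, shown in isolation as an added example (this is not gRPC-haskell's code and the function names are made up): `dup_buggy` reproduces the pattern the PR fixes, where `malloc(strlen(s))` leaves no room for the terminator that `strcpy` writes, and `dup_fixed` allocates `strlen(s) + 1` so the copy stays in bounds.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The pattern the PR corrects: strlen() excludes the NUL, so this buffer
 * is one byte too small and strcpy() writes one byte past its end.
 * Kept only for contrast; it is never called here. */
char *dup_buggy(const char *s) {
    char *buf = malloc(strlen(s));   /* off by one */
    if (buf == NULL) return NULL;
    strcpy(buf, s);                  /* writes strlen(s) + 1 bytes */
    return buf;
}

/* Bytes required to hold s, including its terminating NUL. */
size_t bytes_needed(const char *s) {
    return strlen(s) + 1;
}

/* Corrected version: allocate room for the terminator and copy it too. */
char *dup_fixed(const char *s) {
    size_t len = strlen(s);
    char *buf = malloc(len + 1);
    if (buf == NULL) return NULL;
    memcpy(buf, s, len + 1);         /* len bytes of text plus the NUL */
    return buf;
}

/* Returns 1 if dup_fixed() produces an exact, properly terminated copy. */
int roundtrip_ok(const char *s) {
    char *copy = dup_fixed(s);
    if (copy == NULL) return 0;
    int ok = (strcmp(copy, s) == 0) && (strlen(copy) == strlen(s));
    free(copy);
    return ok;
}

int main(void) {
    const char *sample = "hello";    /* constructed input */
    printf("strlen(\"%s\") = %zu, bytes needed = %zu\n",
           sample, strlen(sample), bytes_needed(sample));
    printf("roundtrip ok: %d\n", roundtrip_ok(sample));
    return 0;
}
```

Building with the sanitizer flags mentioned later in this thread (`gcc -fsanitize=address -fsanitize=undefined`) reports the heap overflow in `dup_buggy` immediately if it is called, while `dup_fixed` runs clean; that is the same check used to confirm the fix.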

evanrelf commented 3 years ago

I built grpc-haskell-core with -fsanitize=address and -fsanitize=undefined passed to gcc, before and after applying the fix, and the sanitizer output confirms that a buffer overflow was fixed 🎉

(Though the tests still fail with the fix applied and the sanitizers enabled, due to memory leaks we haven't fixed... 🙃)