Closed. Friede80 closed this 3 years ago.
I built grpc-haskell-core with `-fsanitize=address` and `-fsanitize=undefined` passed to `gcc`, before and after applying the fix, and the sanitizer output confirms that a buffer overflow was fixed 🎉
(Though the tests still fail with the fix applied and the sanitizers enabled, due to memory leaks we haven't fixed... 🙃)
`strlen` returns the index of the null terminator of the string, so `malloc`ing that many bytes will be 1 less than needed to copy the string. The subsequent `strcpy` will overflow the buffer when copying the null terminator.

Unfortunately, I am still unable to run the package test suite to truly verify this change, but it does now compile for me without the nebulous `gcc` warnings.
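The `strlen`/`malloc`/`strcpy` off-by-one described above, as an added example; this is not code from the grpc-haskell-core PR, and the function names (`buggy_dup`, `fixed_dup`, `bounded_copy`, `cstring_bytes`) and the sample string are my own. It keeps the buggy pattern in one function so the heap overflow can be reproduced under the same sanitizer flags the first comment used, puts the corrected allocation beside it, and adds the bounds check a hardened copy would perform, which rejects exactly the `strlen(s)`-sized buffer the bug allocated.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bytes a C string occupies in memory, including the NUL terminator.
 * strlen() does not count the terminator, so the +1 is the whole fix. */
size_t cstring_bytes(const char *s) {
    return strlen(s) + 1;
}

/* The pattern the PR fixes: malloc(strlen(s)) is one byte short, and
 * strcpy then writes the terminator one byte past the allocation.
 * Kept only so the overflow can be reproduced under ASan; do not call
 * it from real code. */
char *buggy_dup(const char *s) {
    char *buf = malloc(strlen(s));      /* BUG: no room for '\0' */
    if (buf == NULL) return NULL;
    strcpy(buf, s);                     /* writes strlen(s)+1 bytes */
    return buf;
}

/* Corrected version: allocate strlen(s)+1 and copy exactly that many
 * bytes. memcpy with an explicit length sidesteps strcpy entirely. */
char *fixed_dup(const char *s) {
    size_t n = cstring_bytes(s);
    char *buf = malloc(n);
    if (buf == NULL) return NULL;
    memcpy(buf, s, n);
    return buf;
}

/* Bounds-checked copy into a caller-owned buffer. Returns 0 on success
 * and -1, leaving dst untouched, when src plus its terminator does not
 * fit. dst_size == strlen(src), the buggy size, is rejected. */
int bounded_copy(char *dst, size_t dst_size, const char *src) {
    size_t n = cstring_bytes(src);
    if (n > dst_size) return -1;
    memcpy(dst, src, n);
    return 0;
}

int main(int argc, char **argv) {
    const char *sample = "grpc-haskell-core";   /* constructed input */
    char stack_buf[32];

    printf("strlen=%zu, bytes needed=%zu\n",
           strlen(sample), cstring_bytes(sample));

    char *copy = fixed_dup(sample);
    if (copy != NULL) {
        printf("fixed_dup: %s\n", copy);
        free(copy);
    }

    printf("bounded_copy into strlen(sample) bytes:   %d\n",
           bounded_copy(stack_buf, strlen(sample), sample));      /* -1 */
    printf("bounded_copy into strlen(sample)+1 bytes: %d\n",
           bounded_copy(stack_buf, strlen(sample) + 1, sample));  /* 0 */

    /* Reproduce the original bug under the sanitizers:
     *   gcc -g -O0 -fsanitize=address,undefined demo.c -o demo
     *   ./demo --overflow
     * ASan reports a heap-buffer-overflow WRITE on the strcpy line,
     * one byte past the 17-byte allocation. */
    if (argc > 1 && strcmp(argv[1], "--overflow") == 0) {
        char *bad = buggy_dup(sample);
        if (bad != NULL) {
            printf("buggy_dup: %s\n", bad);
            free(bad);
        }
    }
    return 0;
}
```

Without sanitizers the buggy path usually appears to work, because the allocator's rounding leaves slack after a 17-byte request; that is why the gcc warnings were the only visible symptom and why ASan, not the test suite, is the reliable check for this class of bug.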