Closed byannoni closed 7 years ago
The use of len - 1 in qtstrerror_r() could cause a buffer overrun in qtstrncpy() if len is 0.
len - 1
qtstrerror_r()
qtstrncpy()
This is not possible because the procedure checks if length is 0 before copying.
The use of
len - 1
inqtstrerror_r()
could cause a buffer overrun inqtstrncpy()
if len is 0.