snprintf, strncpy possible buffer overflow errors...

kukugt / mupen64plus

Automatically exported from code.google.com/p/mupen64plus

0 stars 0 forks source link

snprintf, strncpy possible buffer overflow errors... #109

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago

Due to the large number of these errors, it should be clear that the sn 
functions don't automatically null terminate. Hence code of this form:

buffer[1024];
snprintf(buffer, 1024, ...);

should be

buffer[1024];
snprintf(buffer, 1023, ...);
buffer[1023] = '\0';

Original issue reported on code.google.com by sknau...@wesleyan.edu on 13 Jun 2008 at 3:12

GoogleCodeExporter commented 8 years ago

[deleted comment]

GoogleCodeExporter commented 8 years ago

Note: This is also wring. snprintf needs the NULL for win32. 
http://www.winehq.org/pipermail/wine-devel/2003-November/022493.html

Original comment by sknau...@wesleyan.edu on 12 Oct 2008 at 4:34

GoogleCodeExporter commented 8 years ago

Just to clarify, this is correct:

buffer[1024];
    snprintf(buffer, sizeof(buffer), ...);
or
    snprintf(buffer, 1024, ...);
buffer[1023] = '\0'

Original comment by sknau...@wesleyan.edu on 12 Oct 2008 at 4:50

GoogleCodeExporter commented 8 years ago

This should mostly if not totally be fixed now.

Original comment by richard...@gmail.com on 11 Jan 2010 at 3:58

Changed state: Fixed