On 6/10/17, kowlsd3pw...@yahoo.co.jp <kowlsd3pw...@yahoo.co.jp> wrote:
> src/wikiformat.c : is_ticket
>
> in_this_repo is checked whether n is maximum size of char array,
>
> https://www.fossil-scm.org/index.html/artifact?ln=1090-1092&name=1616c95201d38f46
>
> but is_ticket is not checked whether n is the maximum size of char array
> before call memcpy.
>
> https://www.fossil-scm.org/index.html/artifact?ln=1117-1118&name=1616c95201d38f46

For the one and only call to is_ticket(), the zUuid value has already
returned true for is_valid_uuid(), so we know already that it is not
over-length. That is not true for the call to in_this_repo() - it has
not passed is_valid_uuid() and might be over-length.

-- 
D. Richard Hipp
d...@sqlite.org
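
The distinction drawn in the reply above, as an added C sketch that is not Fossil's code and not part of the original thread: one copy routine bounds the length itself because it can see unvalidated input, the other relies on a validator that gates its only call site. All names (`id_is_valid`, `copy_unvalidated`, `copy_prevalidated`, `handle_id`, `ID_MAX`) and the validation rule are assumptions made for illustration.

```c
#include <assert.h>
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define ID_MAX 40   /* assumed maximum ID length for this sketch */

/* Validator (hypothetical rule): 4..ID_MAX hex digits. */
int id_is_valid(const char *z){
  size_t i, n = strlen(z);
  if( n<4 || n>ID_MAX ) return 0;
  for(i=0; i<n; i++){
    if( !isxdigit((unsigned char)z[i]) ) return 0;
  }
  return 1;
}

/* May receive input that never went through id_is_valid(), so it must
** bound n itself before the memcpy. Returns bytes copied, or -1. */
int copy_unvalidated(const char *z, char *out, size_t outsz){
  size_t n = strlen(z);
  if( n>=outsz ) return -1;          /* over-length: refuse to copy */
  memcpy(out, z, n+1);               /* n+1 includes the terminator */
  return (int)n;
}

/* Only ever called after id_is_valid() succeeded, so n<=ID_MAX is a
** precondition. The assert records that invariant for future callers. */
int copy_prevalidated(const char *z, char *out, size_t outsz){
  size_t n = strlen(z);
  assert( n<outsz );
  memcpy(out, z, n+1);
  return (int)n;
}

/* Single call site: validation gates the unchecked copy. */
int handle_id(const char *z){
  char buf[ID_MAX+1];
  if( !id_is_valid(z) ) return -1;
  return copy_prevalidated(z, buf, sizeof(buf));
}
```

The safety of `copy_prevalidated` holds only while every caller validates first; a new call site that skips `id_is_valid` would need the explicit bound that `copy_unvalidated` carries.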