On Mon, 23 Jan 2017 20:52:14 +0000 Gavin Smith <[email protected]> wrote:
> > I just tried it with -fsanitize=address and got the error. For some
> > reason, the version of valgrind I have installed didn't see anything
> > wrong. I don't have a fix yet.

That's not surprising, valgrind can't find all the bug classes that
address sanitizer finds.

> The difference appears to be in how 'memcmp' is run. Apparently it can
> access bytes after those that indicate a difference between the two
> operands. I'm not sure if it should be valid to use 'memcmp' to check
> if we are looking at a particular string within a valid area of
> memory, but changing it to strncmp removes the problem. 'strncmp'
> doesn't look at anything past a null byte at the end of the buffer.

Yes, that's the right fix in such a case. You shouldn't overread with
memcmp, strncmp will make sure that if you compare zero-terminated
strings that it doesn't overread.

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: [email protected]
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
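The memcmp-to-strncmp change discussed in this message, as an added example that is not part of the original e-mail or the project's code. The function names, the literal "verbatim" and the sample buffers are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Before: memcmp is told to compare strlen(lit) bytes, so both operands
 * must be at least that long. If the string at p ends earlier, the call
 * may read past its terminator even though an earlier byte already
 * differs. */
int looking_at_memcmp(const char *p, const char *lit)
{
    return memcmp(p, lit, strlen(lit)) == 0;   /* can overread p */
}

/* After: strncmp does not compare anything that follows a NUL byte, so
 * a NUL-terminated p is never read past its terminator. */
int looking_at_strncmp(const char *p, const char *lit)
{
    return strncmp(p, lit, strlen(lit)) == 0;
}

/* For data that is not NUL-terminated: check the remaining length
 * first; memcmp is then safe because all n bytes are known valid. */
int looking_at_bounded(const char *p, size_t avail, const char *lit)
{
    size_t n = strlen(lit);
    return avail >= n && memcmp(p, lit, n) == 0;
}

int main(void)
{
    /* Constructed input: a 3-byte heap allocation holding "ve" plus NUL,
     * shorter than the 8-byte literal it is checked against. */
    char *buf = malloc(3);
    if (buf == NULL)
        return 1;
    memcpy(buf, "ve", 3);

    /* looking_at_memcmp(buf, "verbatim") would ask memcmp for 8 bytes of
     * a 3-byte object, the kind of access -fsanitize=address reports.
     * The two calls below stay inside the allocation. */
    printf("strncmp: %d\n", looking_at_strncmp(buf, "verbatim"));
    printf("bounded: %d\n", looking_at_bounded(buf, 2, "verbatim"));

    free(buf);
    return 0;
}
```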
