On Thu, Oct 17, 2013 at 6:43 PM, Yann Ylavic <[email protected]> wrote:
> On Thu, Oct 17, 2013 at 6:19 PM, Jim Jagielski <[email protected]> wrote:
>
>> Need to look, but at 1st blush it looks like an
>> off-by-1 error
>> there.
>>
>
> When source length >= dlen, apr_cpystrn() ensures dst[0:dlen - 1] ==
> src[0:dlen - 1], hence off-by-1 is useless.
>

Oops sorry, my bad, I misread apr_cpystrn(), the off-by-1 is needed and
((thelen < dlen-1) || !src[dlen - 1]) is the correct test.
Yet the underflow when dlen is 0 is not very nice, maybe that could be
checked before calling apr_cpystrn() and turned to an error.

> Regards.
>
>
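
The truncation test and the dlen == 0 guard from this message, as an added example that is not code from the thread or from the project. `cpystrn` is a local stand-in that follows apr_cpystrn()'s documented behaviour, `copy_checked` and `copy_unguarded` are hypothetical names, and `thelen` is assumed to be the distance from `dst` to the returned terminator.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-in with apr_cpystrn() semantics: copy at most dlen - 1 bytes,
 * NUL-terminate when dlen > 0, return a pointer to the terminating NUL
 * (or dst itself when dlen == 0). */
static char *cpystrn(char *dst, const char *src, size_t dlen)
{
    char *d = dst, *end;
    if (dlen == 0)
        return dst;
    end = dst + dlen - 1;
    for (; d < end; ++d, ++src) {
        if (!(*d = *src))
            return d;
    }
    *d = '\0';
    return d;
}

/* Hypothetical wrapper: 0 = copied whole, 1 = truncated, -1 = dlen is 0. */
int copy_checked(char *dst, const char *src, size_t dlen)
{
    size_t thelen;
    if (dlen == 0)              /* guard: dlen - 1 would wrap to SIZE_MAX */
        return -1;
    thelen = (size_t)(cpystrn(dst, src, dlen) - dst);
    /* Either the buffer was not filled, or it was filled exactly by a
     * source of dlen - 1 bytes (src[dlen - 1] is then the NUL). */
    if ((thelen < dlen - 1) || !src[dlen - 1])
        return 0;
    return 1;
}

/* Same test without the guard, to show the effect of the wrap. */
int copy_unguarded(char *dst, const char *src, size_t dlen)
{
    size_t thelen = (size_t)(cpystrn(dst, src, dlen) - dst);
    return ((thelen < dlen - 1) || !src[dlen - 1]) ? 0 : 1;
}

int main(void)
{
    char buf[4];
    printf("exact fit: %d\n", copy_checked(buf, "abc", sizeof buf));
    printf("too long:  %d\n", copy_checked(buf, "abcd", sizeof buf));
    printf("dlen 0, unguarded: %d\n", copy_unguarded(buf, "abcd", 0));
    return 0;
}
```

With dlen == 0 the unguarded form reports a complete copy even though nothing was written, because `0 < dlen - 1` is true after the unsigned wrap.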
