https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7304

--- Comment #1 from Karsten Br├Ąckelmann <guent...@rudersport.de> ---
Thanks Hanno for the report. However, I believe the described issue to not be a
problem.

First of all, the memcmp function does not "read all bytes of both variables",
but compares the source strings' raw memory byte-for-byte, up until the first
mismatching byte or the maximum byte number is reached.

The spamc.c longoptions[] name members are null terminated C strings. In the
case of a command-line argument longer than the compared-to longopts[i].name
string, that null char will definitely terminate memcmp, preventing
out-of-bounds operation. (With no earlier character mismatch, that null char is
guaranteed to mis-match because null cannot be included in the command-line
argument.)

I believe this to be not a bug. Not closing just yet, though, open for
additional feedback.

-- 
You are receiving this mail because:
You are the assignee for the bug.

Reply via email to