--- Comment #4 from Kees Cook <kees at outflux dot net> ---
But it's optimizing away the check. If strlen() were suddenly acting like
strnlen(), that'd be one thing, but the return value from strlen() is being
used by the memcpy() without the actual test in between. That's not sensible.

Reply via email to