Patch Set 1: Code-Review-1 (2 comments)
https://gerrit.osmocom.org/#/c/3830/1/src/osmux.c File src/osmux.c: Line 941: /* This _snprintf() variant always nul-terminates the buffer. */ I still don't get why you say at least some variants of snprintf don't contain nul-terminated buffers. Line 945: buf[offset] = '\0'; in a given case, size=50 and offset=60 (buffer too small to contain everything) ---> buffer overflow. You probably mean here: buf[size-1] = '\0'; (and still need to check size>0). You probably need something like: if (size) { if (offset >= size) { if(buf[size-1] != '\0') offset--; buf[size-1] = '\0'; } else { buf[offset] = '\0'; } } -- To view, visit https://gerrit.osmocom.org/3830 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: I97e517f2d98e83894ea707c63489559302ff6bd2 Gerrit-PatchSet: 1 Gerrit-Project: libosmo-netif Gerrit-Branch: master Gerrit-Owner: Pablo Neira Ayuso <[email protected]> Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: Pau Espin Pedrol <[email protected]> Gerrit-HasComments: Yes
