moonchen commented on code in PR #12613:
URL: https://github.com/apache/trafficserver/pull/12613#discussion_r2461468216
##########
include/tscore/ink_inet.h:
##########
@@ -323,9 +323,10 @@ inline void
ats_unix_append_id(sockaddr_un *s, int id)
{
char tmp[16];
- int cnt = snprintf(tmp, sizeof(tmp), "-%d", id);
- if (static_cast<size_t>(ats_unix_path_len(s) + cnt) < TS_UNIX_SIZE) {
- strncat(s->sun_path, tmp, cnt);
+ int cnt = snprintf(tmp, sizeof(tmp), "-%d", id);
Review Comment:
snprintf can return a negative error or a value >= sizeof(tmp) when
truncated. I recommend early return for cnt < 0 and either clamp cnt to
sizeof(tmp)-1 before copying from tmp or write directly into sun_path with the
remaining capacity; otherwise memcpy may read past tmp and cause UB.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
