On Mon, Dec 07, 2015 at 08:04:30PM +0000, Dave Zhu (yanbzhu) wrote:
> One more thing :)
>
> Out of curiosity, I changed the code as specified in that bugzilla from:
>
> strncpy((char *)s_kt->name.key, trash.str, i);
>
> To
>
> node = &s_kt->name;
> strncpy((char *)node->key, trash.str, i);
>
> And the code ran without an issue. I believe that this is the issue that
> Bryan first saw, and that there isn't some malicious underlying memory
> corruption that's happening here.
Yep, thanks for the pointer. So indeed gcc's inline version of strncpy *is* bogus. strncpy() has no right to guess the destination size. I suspect that if you just do this it would work (prefix the array with '&' and use [0]):

strncpy((char *)&s_kt->name.key[0], trash.str, i);

Thanks,
Willy
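As an added illustration of the situation discussed above (this is constructed example code, not haproxy's own, and `struct kt_node`, `kt_node_new` and `kt_node_set_key` are hypothetical names): the destination in the thread is a trailing array whose real size the compiler cannot see, so the only reliable bound is the one the program itself knows from the allocation. The helper below copies into such an array with an explicit, caller-controlled limit and always terminates the string, which strncpy() does not guarantee when it truncates.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical node type modeled on the thread's s_kt->name: the key is a
 * trailing flexible array, so its size is unknown to the compiler and any
 * compiler-side guess about it is meaningless. This is a constructed stand-in,
 * not haproxy's ebmb_node. */
struct kt_node {
    size_t cap;          /* bytes available in key[], including the NUL */
    unsigned char key[]; /* flexible array member, allocated with the node */
};

/* Allocate a node with room for `cap` key bytes plus a terminator. */
struct kt_node *kt_node_new(size_t cap)
{
    struct kt_node *n = malloc(sizeof(*n) + cap + 1);
    if (!n)
        return NULL;
    n->cap = cap + 1;
    n->key[0] = '\0';
    return n;
}

/* Copy `len` bytes of src into key[], bounded by the node's own recorded
 * capacity, and always NUL-terminate. Returns the number of key bytes stored,
 * or (size_t)-1 if the key does not fit (refuse rather than silently truncate).
 * Writing through n->key (or &n->key[0], as suggested in the thread) is fine
 * here because the bound is ours, not a guess made from the array's declared
 * size. */
size_t kt_node_set_key(struct kt_node *n, const char *src, size_t len)
{
    if (!n || !src || len >= n->cap)
        return (size_t)-1;
    memcpy(n->key, src, len);
    n->key[len] = '\0';
    return len;
}
```

Usage: allocate with `kt_node_new(8)`, then `kt_node_set_key(n, "haproxy", 7)` stores the key, while a 12-byte key is rejected and leaves the existing contents untouched.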

