Hi,

On Mon, Aug 11, 2025 at 11:11 AM Thorsten Blum <thorsten.b...@linux.dev> wrote:
>
> > ...so I looked a little deeper here to see if the buffer overflow was
> > actually possible to begin with. Looking, I _think_ this is true:
> >
> > * `cp` is a pointer into `kdb_buffer` (location of first '\n')
> > * `cphold` and `cp` are equal at this point.
> >
> > ...so you're guaranteed not to overflow because the destination and
> > source overlap. ...but that means we shouldn't have been using
> > strcpy() either way. Both strcpy() and strscpy() say that their
> > behaviors are undefined if the src/dest overlap. This means that
> > really the right fix is to use memmove().
>
> Good catch. I read about the undefined behavior in the function comment,
> but never encountered it and haven't really been looking out for it.
>
> > The above is based solely on code inspection w/ no testing. If I got
> > it wrong, let me know.
>
> Yes, I just compile-tested it as I didn't expect src/dst to overlap. And
> then my last-minute change to strlen() made it even worse. Sorry about
> that.
>
> Are you going to fix it using memmove() or should I submit a v2?
Do you want to send a v2 that switches it to memmove()?

-Doug
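The overlap case discussed in the thread, as an added stand-alone example rather than kdb's own code: a line buffer whose first '\n'-terminated line is consumed and whose remainder is shifted to the front, so the copy's source and destination both lie inside the same buffer. The names `consume_line`, `demo` and the sample input are assumptions for the illustration; `cp` and `cphold` only echo the variable names quoted above.

```c
#include <stdio.h>
#include <string.h>

/* Consumes the first '\n'-terminated line in buf: the line (without its
 * '\n') is copied to 'line', and the unconsumed remainder, NUL included, is
 * shifted to the start of buf. Returns the line length, or -1 when buf holds
 * no complete line or the line does not fit in 'line'. */
static int consume_line(char *buf, char *line, size_t linesize)
{
    char *cp = strchr(buf, '\n');   /* like kdb's cp: first '\n' in buf */
    char *cphold;
    size_t len, rest;

    if (!cp)
        return -1;
    len = (size_t)(cp - buf);
    if (len >= linesize)
        return -1;
    memcpy(line, buf, len);         /* distinct buffers: memcpy is fine */
    line[len] = '\0';

    cphold = cp + 1;                /* remainder starts after the '\n' */
    rest = strlen(cphold) + 1;      /* bytes to move, including the NUL */
    /* Source and destination both lie inside buf, so they can overlap.
     * memmove() is defined for that; strcpy()/strscpy() are not. It also
     * cannot overflow: those rest bytes already fit in buf further along. */
    memmove(buf, cphold, rest);
    return (int)len;
}

/* Walks a constructed two-line input through consume_line(); returns 1 if
 * every step produced the expected state, 0 otherwise. */
static int demo(void)
{
    char buf[32] = "md 0x1000\ngo\n";  /* constructed sample input */
    char line[16];

    if (consume_line(buf, line, sizeof line) != 9 || strcmp(line, "md 0x1000"))
        return 0;
    if (strcmp(buf, "go\n"))        /* remainder now sits at the front */
        return 0;
    if (consume_line(buf, line, sizeof line) != 2 || strcmp(line, "go"))
        return 0;
    if (buf[0] != '\0' || consume_line(buf, line, sizeof line) != -1)
        return 0;
    return 1;
}

int main(void)
{
    printf("consume_line demo: %s\n", demo() ? "ok" : "FAILED");
    return demo() ? 0 : 1;
}
```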