On Sat, Feb 22, 2020 at 4:05 AM Rob Landley <[email protected]> wrote: > > On 2/21/20 11:10 AM, enh via Toybox wrote: > > Sadly, the compilers don't even catch this common mistake if you use > > sscanf_s(3). Luckily, ASan does. > > I haven't given the build-time stuff the same level of scrutiny the runtime > stuff gets because it's not deployed on target so presumably not as > exploitable. > (And because it's not building with the full toybox lib/*.c infrastructure and > is working with known fixed inputs, so there's a lot of half-assed "read into > a > static buffer" and such going on, which this is an instance of.) > > At least I bounds-checked it. :)
yeah, that's what makes scanf's %s and friends such an "unsafe at any speed" API. i usually encourage Android folks to use %ms etc instead and just let libc allocate. > Rob _______________________________________________ Toybox mailing list [email protected] http://lists.landley.net/listinfo.cgi/toybox-landley.net
