My patch is not fine (because of the switch case error I introduced). What I meant is that _tcscpy() is only dangerous if either the source buffer is not 0 terminated, or the source buffer is 0 terminated but the destination buffer is too small.
After further inspection of the original code, I believe it only runs _tcscpy() on 0 terminated source buffers, and correctly takes care of allocating destination buffers big enough so that they cannot be overrun. That's why I believe the original code is ok and does not need to be patched. -- Include libmsn in main https://bugs.launchpad.net/bugs/308060 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
