git.ipfire.org Git - thirdparty/zstd.git/commit
Fixed unsafe string copy and concat in `fileio.c`. 1290/head
author Eden Zik <ezik@fb.com>
Tue, 21 Aug 2018 02:15:24 +0000 (22:15 -0400)
committer Eden Zik <ezik@fb.com>
Tue, 21 Aug 2018 02:15:24 +0000 (22:15 -0400)
commit 78af534f82e32277d3272881d4351363ab1e3488
tree 5f2736164ad6f1c49ebb8baf9bcfe3f3450f4c37
parent 973a8d42c794f7a293ba29debd13adaf3270782d
Fixed unsafe string copy and concat in `fileio.c`.

Per warnings from flawfinder: "Does not check for buffer overflows when
copying to destination [MS-banned] (CWE-120). Consider using snprintf,
strcpy_s, or strlcpy (warning: strncpy easily misused).".

Replaced calls to strcpy and strcat in `fileio.c` with calls with a
specified size (`strncpy` and `strncat`).

Tested the changes on OSX, Linux, Windows.
On OSX + Linux, changes were tested with ASAN. The following flags were
used: 'check_initialization_order=1:strict_init_order=1:detect_odr_violation=1:detect_stack_use_after_return=1'

To reproduce warning:
./flawfinder.py ./programs/fileio.c
programs/fileio.c
tests/.gitignore
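
An added example (not code from this commit or from zstd) of the bounded copy-and-concatenate pattern the commit message describes, showing the size arguments `strncpy` and `strncat` need and the `snprintf` alternative that the flawfinder warning lists. The function names, the 16-byte buffer and the file names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Build "<name><suffix>" with strncpy/strncat. Returns 0, or -1 when the
 * result does not fit: a silently truncated file name names another file. */
int build_name_strn(char *dst, size_t dstSize, const char *name, const char *suffix)
{
    size_t const nameLen = strlen(name);
    size_t const sufLen = strlen(suffix);
    if (dstSize == 0 || nameLen >= dstSize || sufLen >= dstSize - nameLen)
        return -1;
    strncpy(dst, name, dstSize - 1);
    dst[dstSize - 1] = '\0';  /* strncpy adds no terminator if src fills n bytes */
    /* strncat's n is the space left after dst, minus the terminator it
     * always appends; it is not the total size of the buffer. */
    strncat(dst, suffix, dstSize - strlen(dst) - 1);
    return 0;
}

/* Same job with snprintf; the return value reports truncation. */
int build_name_snprintf(char *dst, size_t dstSize, const char *name, const char *suffix)
{
    int const n = snprintf(dst, dstSize, "%s%s", name, suffix);
    if (n < 0 || (size_t)n >= dstSize) {
        if (dstSize > 0) dst[0] = '\0';
        return -1;
    }
    return 0;
}

/* The misuse flawfinder warns about: returns 1 if dst is NUL-terminated
 * after strncpy(dst, src, dstSize), 0 if not. */
int terminated_after_strncpy(char *dst, size_t dstSize, const char *src)
{
    memset(dst, 'X', dstSize);
    strncpy(dst, src, dstSize);
    return memchr(dst, '\0', dstSize) != NULL;
}

int main(void)
{
    char out[16];  /* constructed sample size and names */
    printf("%d %s\n", build_name_strn(out, sizeof out, "data.txt", ".zst"), out);
    printf("%d\n", build_name_snprintf(out, sizeof out, "a_long_name.txt", ".zst"));
    printf("%d\n", terminated_after_strncpy(out, 4, "abcd"));
    return 0;
}
```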