blob: 9a21848acd1eee6dd1adb51bbd84cd950e451639 (
plain) (
blame)
1
2
3
4
5
6
7
8
|
Incorrect strncat use
`strncat` function's third argument limits amount of bytes read from source (second arg), and not maximal allowed size of destination buffer (first arg) - https://linux.die.net/man/3/strncat
If `HOME` envvar has length 4095, then 8 additional bytes will be written outside of buffer by the `strncat`.
https://github.com/ptitSeb/box64/blob/60c6858916aa9e5332fad5cb52c448893e5bd2ef/src/main.c#L1217-L1231
Moreover, `tmp` should be initialized with terminating nullbyte before call to the `strncpy` (because the last byte may be not-null, if not explicitly set), or the call should be `strncpy(tmp, p, 4096);` with additional null-termination after call to the `strncpy`.
|