LibTiff Mailing List

On Sun, 11 Jul 2010, Albert Cahalan wrote:
>>
>> I tend to agree except for the fact that strlcpy() does absolutely assure
>> null termination, even if the programmer made an error.
>
> Uh oh. You have failed to consider the case of a zero-sized buffer.
> If your strlcpy overflows with a NUL byte, then it may corrupt a
> function pointer. If it doesn't, but you rely on getting a NUL byte,
> your app code may leak data by read-overflowing as the 0-byte
> "string" gets copied elsewhere.

Thanks for the review.  While a size of zero is useless for 
GraphicsMagick's purposes, I will add support for it in the code in 
case it gets used by some other package.

Bob
-- 
Bob Friesenhahn
bfriesen@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer,    http://www.GraphicsMagick.org/


AWARE [SYSTEMS]		Imaging expertise for the Delphi developer
		TIFF and LibTiff Mailing List Archive
	LibTiff Mailing List TIFF and LibTiff Mailing List Archive July 2010 Previous Thread Next Thread Previous by Thread Next by Thread Previous by Date Next by Date Contact The TIFF Mailing List Homepage This list is run by Frank Warmerdam Archive maintained by AWare Systems	Thread 2010.07.08 16:25 "strlcpy vs strncpy", by Bob Friesenhahn 2010.07.08 18:03 "Re: strlcpy vs strncpy", by Lee Howard 2010.07.08 18:06 "Re: strlcpy vs strncpy", by Olivier Paquet 2010.07.11 17:36 "Re: strlcpy vs strncpy", by Edward Lam 2010.07.12 19:30 "strncpy in tiffcrop", by Richard Nolde 2010.07.12 20:31 "Re: strncpy in tiffcrop", by Edward Lam 2010.07.10 11:04 "Re: strlcpy vs strncpy", by Albert Cahalan 2010.07.10 13:27 "Re: strlcpy vs strncpy", by Kevin Myers 2010.07.10 13:50 "Re: strlcpy vs strncpy", by Bob Friesenhahn 2010.07.11 07:34 "Re: strlcpy vs strncpy", by Albert Cahalan 2010.07.11 08:06 "Re: strlcpy vs strncpy", by Toby Thain 2010.07.11 14:35 "Re: strlcpy vs strncpy", by Bob Friesenhahn 2010.07.10 13:39 "Re: strlcpy vs strncpy", by Bob Friesenhahn 2010.07.11 08:18 "Re: strlcpy vs strncpy", by Albert Cahalan 2010.07.11 16:35 "Re: strlcpy vs strncpy", by Bob Friesenhahn 2010.07.12 17:34 "Re: strlcpy vs strncpy", by Dmitry V Levin 2010.07.12 18:13 "Re: strlcpy vs strncpy", by Bob Friesenhahn 2010.07.11 16:35 "Re: strlcpy vs strncpy", by Bob Friesenhahn On Sun, 11 Jul 2010, Albert Cahalan wrote: >> >> I tend to agree except for the fact that strlcpy() does absolutely assure >> null termination, even if the programmer made an error. > > Uh oh. You have failed to consider the case of a zero-sized buffer. > If your strlcpy overflows with a NUL byte, then it may corrupt a > function pointer. If it doesn't, but you rely on getting a NUL byte, > your app code may leak data by read-overflowing as the 0-byte > "string" gets copied elsewhere. Thanks for the review. While a size of zero is useless for GraphicsMagick's purposes, I will add support for it in the code in case it gets used by some other package. Bob -- Bob Friesenhahn bfriesen@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/ GraphicsMagick Maintainer, http://www.GraphicsMagick.org/

LibTiff Mailing List

Thread

2010.07.11 16:35 "Re: strlcpy vs strncpy", by Bob Friesenhahn