Subject: Re: exploit with memcpy()
To: None <email@example.com>
From: Christos Zoulas <firstname.lastname@example.org>
Date: 07/02/2002 14:22:20
In article <20020702135555.3E9844B24@coconut.itojun.org>,
>>> If I count correctly, you just made memcpy() slow down by about 10%.
>>I don't think so.
>> - The check is at the outside of the loop.
>> - It is done only if the destination address < the source address (+length)
>> - Many applications uses gcc's builtin memcpy().
> unluckily the 3rd bullet means that the patch won't take effect
> to most of the binaries, am i right? do we want to modify gcc to
> generate the change you've proposed?
I think it is the responsibility of the caller to check the validity of
the arguments. In my opinion, this falls into the category: should strcpy()
check for NULL arguments?