Subject: Re: exploit with memcpy()
To: None <>
From: Christos Zoulas <>
List: tech-userlevel
Date: 07/02/2002 14:22:20
In article <>,
 <> wrote:
>>> If I count correctly, you just made memcpy() slow down by about 10%.
>>I don't think so.
>> - The check is at the outside of the loop.
>> - It is done only if the destination address < the source address (+length)
>> - Many applications uses gcc's builtin memcpy().
>	unluckily the 3rd bullet means that the patch won't take effect
>	to most of the binaries, am i right?  do we want to modify gcc to
>	generate the change you've proposed?

I think it is the responsibility of the caller to check the validity of
the arguments. In my opinion, this falls into the category: should strcpy()
check for NULL arguments?