tech-userlevel archive


Re: ssp, __strcpy_ck: just to be sure



On Tue, Nov 17, 2020 at 10:16:47AM -0500, Greg Troxel wrote:
> 
> tlaronde%polynum.com@localhost writes:
> 
> > But then I realized that I have not changed the offending line: the
> > strcpy() call since there was no overflow problem: it was doing inplace
> > rewrite, suppressing a prefix (doing basename(1) essentially).
> 
> Not sure what "inplace" means, but it sounds like it runs afoul of:

simply something like: strcpy(buf, buf + shift);

you are simply shifting bytes left, suppressing a prefix (note: I didn't
write the original code; it is the afm2tfm(1) utility in kerTeX).

> 
>   If copying takes place between objects that overlap, the behavior is
>   undefined.
> 
> and thus it is fair to alert on it.

Yes, but the question was that it alerts only with arrays---but this is
perhaps simply because it would be too costly to call strlen(3) or
equivalent at runtime, and so, when the size is not known at compilation
time, the alert doesn't work.

> 
> See:
> 
> https://pubs.opengroup.org/onlinepubs/9699919799/functions/strcpy.html
> 
> and there is similar language in our man page.



-- 
        Thierry Laronde <tlaronde +AT+ polynum +dot+ com>
                     http://www.kergis.com/
                    http://kertex.kergis.com/
                       http://www.sbfa.fr/
Key fingerprint = 0FF7 E906 FBAF FE95 FD89  250D 52B1 AE95 6006 F40C
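An added illustration of the two points in this thread (not code from the kerTeX tree or from either poster): the in-place prefix shift done with memmove(), which is defined for overlapping objects where strcpy() is not, and a compile-time probe showing why the fortified __strcpy_chk only has a destination size to check against when the destination is a fixed-size array. Function names and the sample path are made up for the example; __builtin_object_size and the noinline attribute are the GCC/Clang builtins.

```c
#include <stdio.h>
#include <string.h>

/*
 * In-place prefix removal, the pattern behind strcpy(buf, buf + shift).
 * strcpy() is undefined when source and destination overlap (the case the
 * ssp check flags); memmove() is specified for overlap.  Returns new length.
 */
size_t strip_prefix(char *buf, size_t shift)
{
    size_t len = strlen(buf);

    if (shift > len)
        shift = len;
    memmove(buf, buf + shift, len - shift + 1); /* +1 moves the NUL too */
    return len - shift;
}

/* Keep only the last path component, i.e. what basename(1) prints. */
size_t strip_dirname(char *path)
{
    const char *slash = strrchr(path, '/');

    if (slash == NULL)
        return strlen(path);
    return strip_prefix(path, (size_t)(slash - path) + 1);
}

/*
 * Why the warning appears only for arrays: __strcpy_chk takes the destination
 * size from __builtin_object_size(), resolved at compile time.  A fixed array
 * has a known size; a pointer whose origin the compiler cannot see yields
 * (size_t)-1 ("unknown"), so no check can be emitted for it.
 */
int dest_size_known_for_array(void)
{
    char local[32];

    return __builtin_object_size(local, 0) == sizeof(local);
}

__attribute__((noinline)) /* keep the caller's array out of view */
int dest_size_known_for_pointer(char *p)
{
    return __builtin_object_size(p, 0) != (size_t)-1;
}
```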

