[ros-bugs] [Bug 4987] New: possible buffer overrun detected
ReactOS.Bugzilla at reactos.org
ReactOS.Bugzilla at reactos.org
Sat Dec 5 13:33:45 CET 2009
http://www.reactos.org/bugzilla/show_bug.cgi?id=4987
Summary: possible buffer overrun detected
Product: ReactOS
Version: TRUNK
Platform: QEmu
OS/Version: ReactOS
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: Networking
AssignedTo: ros-bugs at reactos.org
ReportedBy: ettl.martin at gmx.de
QAContact: ros-bugs at reactos.org
CC: aicommander at gmail.com
Hi,
during a check with the static code analysis tool cppcheck, i found an issue
that can lead to buffer overruns. Cppcheck warned about the following issue in
file reactos/base/applications/network/telnet/src/tnmisc.cpp at line 144:
char filename[128];
strncpy(filename, icondir, sizeof(filename));
strncat(filename, "telnet.ico", sizeof(filename));
filename[sizeof(filename) - 1] = 0;
Here strncpy is followed by strncat. I guess the programmer was not aware that
strncpy does not nullterminate the string. But strncat needs a nullterminated
string to correctly attach the "telnet.ico". This can lead to undefined
behaviour!!
References:
http://www.cplusplus.com/reference/clibrary/cstring/strncat/
http://www.cplusplus.com/reference/clibrary/cstring/strncpy/
http://sourceforge.net/apps/trac/cppcheck/ticket/984
Best regards
Martin Ettl
--
Configure bugmail: http://www.reactos.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
You are the assignee for the bug.
More information about the Ros-bugs
mailing list