Secure Coding mailing list archives
Re: Spot the bug
From: Pascal Meunier <pmeunier () cerias purdue edu>
Date: Wed, 20 Jul 2005 00:38:40 +0100
There's a third one that nobody has caught, because you don't know if pszSrc is null-terminated, so your program can crash due to a protected memory error. The copy operation should be:

    strncpy(szDest,pszSrc, min(MAX, pszSrc_size)-1);

assuming the size of pszSrc is pszSrc_size. Few people seem to be aware of the possible problems caused by *reading* an unterminated string. Do you feel lucky (that there will be another NULL somewhere, before reading off in outer space)?

So, I tend to agree, getting "C" calls correct is tedious, and that encourages risky coding.

Cheers,
Pascal

On 7/19/05 11:34 AM, "ljknews" <[EMAIL PROTECTED]> wrote:
The overarching bug seems to be the assertion that there is only one bug, since those offering comments found two right off. The less excusable of the two bugs appears at first glance to be an out of bounds reference to an array, but on reflection is an error in choice of programming language.

-- Larry Kilgallen
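The read-side problem raised in this message, as an added example that is not part of the original thread: a copy routine that takes the source buffer's size (the message's pszSrc_size idea) and bounds both the read and the write. The function name bounded_copy, the status constants and the sample buffers are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Status bits (hypothetical names, not from the thread). */
enum {
    COPY_OK               = 0,
    COPY_TRUNCATED        = 1,  /* dst too small, output was cut */
    COPY_SRC_UNTERMINATED = 2,  /* no '\0' within src_size bytes */
    COPY_BAD_ARGS         = -1
};

/*
 * Copy the string held in src (a buffer of src_size bytes that may lack a
 * terminator) into dst (dst_size bytes). Never reads past src + src_size,
 * never writes past dst + dst_size, and always terminates dst.
 */
int bounded_copy(char *dst, size_t dst_size, const char *src, size_t src_size)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return COPY_BAD_ARGS;

    /* memchr stops after src_size bytes; strlen would keep reading. */
    const char *nul = memchr(src, '\0', src_size);
    size_t len = nul ? (size_t)(nul - src) : src_size;
    int status = nul ? COPY_OK : COPY_SRC_UNTERMINATED;

    if (len >= dst_size) {          /* leave room for the terminator */
        len = dst_size - 1;
        status |= COPY_TRUNCATED;
    }
    memcpy(dst, src, len);
    dst[len] = '\0';
    return status;
}

int main(void)
{
    /* Constructed input: four bytes with no terminator. */
    const char raw[4] = { 'a', 'b', 'c', 'd' };
    char dest[8];
    int rc = bounded_copy(dest, sizeof dest, raw, sizeof raw);
    printf("status=%d dest=\"%s\"\n", rc, dest);
    return 0;
}
```

The return value lets the caller distinguish a truncated copy from a source that had no terminator inside its declared size, which is the condition a plain strlen or strcpy cannot detect.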