commit | 94a15119b2fe50a076f73e502566895e357b77ff | |
---|---|---|
author | Cody Wong <codycswong@google.com> | Sun Oct 22 19:45:13 2023 +0800 |
committer | Travis Geiselbrecht <travisg@gmail.com> | Sat Nov 04 13:16:24 2023 -0700 |
tree | e00fd6189485ac311ab2a4c085d5bd4f47bfd119 | |
parent | ec261bcf45459c0f1d95151b6cfb33910098420c |
[libc][string] fix strncpy potential buffer overflow

The wrong placement of the increment for index `i` causes unexpected behavior, in which `strncpy` writes an extra '\0'.

For example: The `src` string is "abc". The buffer size of `dest` is 5. When we call `strncpy(dest, src, 5)`, the first `for` loop copies the characters 'a', 'b', and 'c' to `dest[0:2]`. In the 4th iteration, however, the `for` loop breaks due to the termination of `src`, whereas the value of `i` stays 3. At that moment, it has copied 4 bytes, including the '\0' of `src`. In the second `for` loop, we have `i = 3` and `count = 5`, so the loop copies two more '\0' to `dest`. As a result, `strncpy` copies 6 bytes to the `dest` buffer, leading to a buffer overflow.

Fix the issue by increasing the index `i` before every copy.

Signed-off-by: Cody Wong <codycswong@google.com>
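The off-by-one described in the commit message can be reproduced with a guard-byte harness. This is an added example, not LK's source: `strncpy_before` and `strncpy_after` are hypothetical reconstructions from the message's description of the two loops, and `bytes_touched` is a helper invented here.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed "before" shape: i is bumped only after a copy that did not hit
 * '\0', so the copied terminator is never counted. */
static char *strncpy_before(char *dest, const char *src, size_t count) {
    char *tmp = dest;
    size_t i;
    for (i = 0; i < count && (*dest++ = *src++) != '\0'; i++)
        ;
    for (; i < count; i++)   /* pads one byte too many */
        *dest++ = '\0';
    return tmp;
}

/* Assumed "after" shape: i is bumped before every copy, terminator included. */
static char *strncpy_after(char *dest, const char *src, size_t count) {
    char *tmp = dest;
    size_t i;
    for (i = 0; i++ < count && (*dest++ = *src++) != '\0'; )
        ;
    for (; i < count; i++)
        *dest++ = '\0';
    return tmp;
}

typedef char *(*copy_fn)(char *, const char *, size_t);

/* Counts the bytes fn modified. The arena is larger than count, so the
 * extra write lands in 0xAA guard bytes instead of outside the object. */
static size_t bytes_touched(copy_fn fn, const char *src, size_t count) {
    unsigned char arena[64];
    size_t n = 0;
    if (count + 8 > sizeof arena)
        return (size_t)-1;
    memset(arena, 0xAA, sizeof arena);
    fn((char *)arena, src, count);
    for (size_t k = 0; k < sizeof arena; k++)
        if (arena[k] != 0xAA)
            n++;
    return n;
}

int main(void) {
    /* Constructed input matching the commit message: src "abc", count 5. */
    printf("before: %zu bytes\n", bytes_touched(strncpy_before, "abc", 5));
    printf("after:  %zu bytes\n", bytes_touched(strncpy_after, "abc", 5));
    return 0;
}
```

A guard-byte check of this kind also works as a regression test for any `strncpy` replacement: the number of modified bytes must equal `count` whenever `src` is shorter than `count`.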
The LK kernel is an SMP-aware kernel designed for small systems, ported to a variety of platforms and CPU architectures.
See https://github.com/littlekernel/lk for the latest version.
This will get you an interactive prompt into LK, which is running in QEMU's ARM machine 'virt' emulation. Type 'help' for commands.
Note: on Ubuntu x86-64, run `sudo apt-get install gcc-arm-none-eabi` or fetch a prebuilt toolchain from https://newos.org/toolchains/x86_64-elf-10.2.0-Linux-x86_64.tar.xz