[rpm PATCH] Fix unterminated buffer after readlink() call

Thomas Jarosch thomas.jarosch at intra2net.com
Mon Oct 24 15:15:38 UTC 2011


On Sunday, 23. October 2011 14:12:34 you wrote:
> On 10/22/2011 12:05 AM, Thomas Jarosch wrote:
> > readlink() never terminates the buffer.
> > 
> > Detected by "cppcheck" (git HEAD)
> 
> Oh ugh. I suppose many implementations do terminate the buffer at least
> on success, otherwise this wouldn't have survived as long as it has.

Yeah, I asked myself the same question. I checked glibc's readlink() 
implementation and in fact it doesn't zero terminate the string.

Looks like we just got lucky.


While searching through glibc's own readlink() invocations,
I also spotted three buffer termination bugs :o)
(Filed upstream bug #13335 - #13337)

I'm wondering how the readlink() API specification
ever made it into POSIX...

Cheers,
Thomas


More information about the Rpm-list mailing list