fix CTF pointer overrun
Updated by John Levon about 1 month ago
via Nicolò Mazzucato:
"The problem arose when `p = "s"`, and `lp->ctl_prefix = "struct"`.
`strncmp("s","struct",1)` returns 0, because it checks only the first char.
The following line (137) was advancing `p(="s")` by 6, going over the terminator.
(The value of p can be user controlled.)"
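
The mismatch described in the report, reproduced as an added example (this is not the project's code or the committed fix): `skip_unchecked` compares only as many bytes as the token has and then reports the full prefix length as the advance, while `skip_checked` requires the token to be as long as the prefix first. The struct layout, the `ctl_len` field, the function names and the sample inputs are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the prefix table entry (lp) named in the report. */
struct prefix_ent {
	const char *ctl_prefix;
	size_t ctl_len;		/* assumed field: strlen(ctl_prefix) */
};

static const struct prefix_ent prefixes[] = {
	{ "struct", 6 }, { "union", 5 }, { "enum", 4 }, { NULL, 0 }
};

/* Length of the leading token of p: stops at whitespace or the terminator. */
static size_t token_len(const char *p) { return strcspn(p, " \t\n"); }

/*
 * Pattern from the report: only token_len(p) bytes are compared, yet p is
 * then advanced by the whole prefix length. Returns that advance without
 * dereferencing it, so the overrun can be observed safely.
 */
size_t skip_unchecked(const char *p)
{
	size_t n = token_len(p);
	for (const struct prefix_ent *lp = prefixes; lp->ctl_prefix; lp++)
		if (strncmp(p, lp->ctl_prefix, n) == 0)
			return lp->ctl_len;
	return 0;
}

/* Hardened: the token must be as long as the prefix before p may advance. */
size_t skip_checked(const char *p)
{
	size_t n = token_len(p);
	for (const struct prefix_ent *lp = prefixes; lp->ctl_prefix; lp++)
		if (n == lp->ctl_len && memcmp(p, lp->ctl_prefix, n) == 0)
			return lp->ctl_len;
	return 0;
}

int main(void)
{
	const char *in[] = { "s", "", "struct foo", "enum e" };	/* constructed */
	for (size_t i = 0; i < sizeof in / sizeof in[0]; i++)
		printf("\"%s\" len=%zu unchecked=+%zu checked=+%zu\n", in[i],
		    strlen(in[i]), skip_unchecked(in[i]), skip_checked(in[i]));
	return 0;
}
```

An advance larger than the input length is the overrun; note that the empty string triggers it as well, because `strncmp` with a length of 0 always returns 0.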
Updated by Electric Monk about 1 month ago
- Status changed from New to Closed
- % Done changed from 0 to 100
commit d15d17d4231f87f1571fa6d585377206f360f667
Author: Nicolò Mazzucato <firstname.lastname@example.org>
Date: 2020-06-03T10:01:46.000Z

12786 fix CTF pointer overrun
Reviewed by: Toomas Soome <email@example.com>
Reviewed by: Robert Mustacchi <firstname.lastname@example.org>
Approved by: Dan McDonald <email@example.com>