Hi,

In lib/string.h line 38,

    static inline char *xstrdup(const char *c)
    {
        size_t l = strlen(c) + 1;
        // xmalloc may fail, and z will be NULL.
        char *z = xmalloc(l);
        // write to a NULL pointer, crash.
        memcpy(z, c, l);
        return z;
    }

I think this is a vulnerability, and maybe we can fix it as follows:

    static inline char *xstrdup(const char *c)
    {
        size_t l = strlen(c) + 1;
        char *z = xmalloc(l);
        if (z) {
            memcpy(z, c, l);
            return z;
        } else {
            // NULL rather than -1: the return type is char *
            return NULL;
        }
    }

Thanks for any consideration!

Peiyu Liu, NESA lab, Zhejiang University
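The failure path described in the report can be exercised deterministically, as in this added example (not code from the original message or from the project). The `xmalloc` here is a constructed stand-in that is assumed to return NULL on failure, as the report states; `fail_next`, `xstrdup_checked` and `store_name` are hypothetical names.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the project's xmalloc (assumption: it can return
 * NULL on failure). Setting fail_next forces exactly one failed allocation
 * so the error path can be tested without exhausting memory. */
static int fail_next = 0;

static void *xmalloc(size_t n)
{
    if (fail_next) {
        fail_next = 0;
        return NULL;
    }
    return malloc(n);
}

/* Checked variant: report allocation failure as NULL instead of handing
 * a NULL destination to memcpy. */
static inline char *xstrdup_checked(const char *c)
{
    size_t l = strlen(c) + 1;
    char *z = xmalloc(l);

    if (z == NULL)
        return NULL;
    memcpy(z, c, l);
    return z;
}

/* Hypothetical caller: the check only helps if callers test the result.
 * Returns 0 on success, -1 if the copy could not be allocated. */
static int store_name(char **slot, const char *name)
{
    char *copy = xstrdup_checked(name);

    if (copy == NULL)
        return -1;      /* leave *slot untouched on failure */
    free(*slot);        /* free(NULL) is a no-op */
    *slot = copy;
    return 0;
}
```

Returning NULL moves the failure to the caller, so every call site needs the same test that `store_name` performs; otherwise the NULL dereference simply happens one frame later.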
