> On Mar 9, 2017, at 9:16 AM, Legacy, Allain <allain.leg...@windriver.com> 
> wrote:
> 
>> -----Original Message-----
>> From: Wiles, Keith [mailto:keith.wi...@intel.com]
>> Sent: Thursday, March 09, 2017 8:46 AM
>> Would this change still cause a failure and memory overwrite if the user
>> decides to have a very large string? Does the code check the lengths to make
>> sure they are valid and return an error?
>> 
> 
> The fgets() is bounded by the size of the buffer and the subsequent 
> validation will raise an error if no newline was detected within the buffer;
> therefore, an overly long line will result in a failure. I have added a test
> case in the v2 patchset in which I have added a unit test framework for this 
> library.
> 
>       while (fgets(buffer, sizeof(buffer), f) != NULL) {
>               char *pos = NULL;
>               size_t len = strnlen(buffer, sizeof(buffer));
>               lineno++;
>               if ((len >= sizeof(buffer) - 1) && (buffer[len-1] != '\n')) {
>                       printf("Error line %d - no \\n found on string. "
>                                       "Check if line too long\n", lineno);
>                       goto error1;
>               }
> 
> Does that satisfy your concern and qualify for your Ack?

Acked-by: Keith Wiles <keith.wi...@intel.com>

Regards,
Keith
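
The bounded read and truncation check discussed in the quoted reply, as an added stand-alone example that is not part of the original message or of the patch. `LINE_BUF`, `first_overlong_line` and `check_text` are assumed names, the inputs are constructed, and `strlen()` stands in for the quoted `strnlen()` because `fgets()` always NUL-terminates what it stores.

```c
#include <stdio.h>
#include <string.h>

#define LINE_BUF 16 /* assumed: kept small so the sample input can exceed it */

/* Hypothetical helper: returns 0 if every line fits in the buffer,
 * otherwise the 1-based number of the first line that does not. */
static int first_overlong_line(FILE *f)
{
	char buffer[LINE_BUF];
	int lineno = 0;

	while (fgets(buffer, sizeof(buffer), f) != NULL) {
		size_t len = strlen(buffer);

		lineno++;
		/* fgets() stores at most sizeof(buffer) - 1 characters, so a
		 * full buffer with no trailing '\n' means the line did not fit. */
		if (len >= sizeof(buffer) - 1 && buffer[len - 1] != '\n')
			return lineno;
	}
	return 0;
}

/* Hypothetical helper: runs the check over a constructed sample text. */
static int check_text(const char *text)
{
	FILE *f = tmpfile();
	int rc;

	if (f == NULL)
		return -1;
	fputs(text, f);
	rewind(f);
	rc = first_overlong_line(f);
	fclose(f);
	return rc;
}

int main(void)
{
	/* Constructed samples, not taken from the v2 patchset's unit tests. */
	printf("%d\n", check_text("[sec]\nkey=value\n"));
	printf("%d\n", check_text("[sec]\nkey=0123456789abcdef0123\n"));
	printf("%d\n", check_text("[sec]\nlast=1")); /* short last line, no '\n' */
	return 0;
}
```

With this check, the longest accepted line is `sizeof(buffer) - 2` characters plus the newline; a line that exactly fills the buffer without a newline is rejected even when it is the last line of the file.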
