On Thu, Feb 15, 2024 at 05:17:17PM +0700, Oleg Tselebrovskiy wrote:
> Thanks for review!

dt_common.c is quite amazing, the APIs that we have in it rely on
strcpy() but we have no idea of the length of the buffer string given
in input to store the result.  This would require breaking the
existing APIs or inventing new ones to be able to plug some safer
strlcpy() calls.  Not sure if it's really worth bothering.  For now,
I've applied the OOM checks on HEAD and the fix with the null
termination on all stable branches.
--
Michael
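
The API-shape problem described in the message above, as an added example that is not part of the message and not code from dt_common.c: a callee with no capacity argument cannot bound its copy, so a safer variant needs a changed signature. The function names and the date format are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical old-style API: no capacity argument, so the callee has no
 * way to know how much room 'out' has. Correctness depends entirely on
 * every caller passing a large enough buffer. */
static void encode_date_unbounded(int year, int month, int day, int bc, char *out)
{
    sprintf(out, "%04d-%02d-%02d", year, month, day);
    if (bc)
        strcpy(out + strlen(out), " BC");   /* unchecked append */
}

/* Hypothetical new-style API: the caller states the capacity. Returns 0 on
 * success, -1 if the result does not fit. 'out' is always NUL-terminated
 * and is left empty on failure rather than holding a truncated date. */
static int encode_date_bounded(int year, int month, int day, int bc,
                               char *out, size_t outlen)
{
    int n;

    if (out == NULL || outlen == 0)
        return -1;
    n = snprintf(out, outlen, "%04d-%02d-%02d%s",
                 year, month, day, bc ? " BC" : "");
    if (n < 0 || (size_t) n >= outlen)
    {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char big[32];
    char small[8];      /* constructed: too small for "2024-02-15" */

    encode_date_unbounded(2024, 2, 15, 0, big);
    printf("unbounded: %s\n", big);
    if (encode_date_bounded(2024, 2, 15, 0, small, sizeof(small)) != 0)
        printf("bounded: rejected, %zu bytes is not enough\n", sizeof(small));
    return 0;
}
```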
