On Fri, Aug 30, 2024 at 3:01 AM anonymous <invalid.nore...@gnu.org> wrote:

> Indicating that
> https://git.savannah.gnu.org/cgit/screen.git/tree/src/attacher.c#n465
> causes the crash.

unsolicited input :)

as I read it:

        p = m.m.command.cmd;
        n = 0;
        for (; *av && n < MAXARGS - 1; ++av, ++n) {
                size_t len;
                len = strlen(*av) + 1;
                if (p + len >= m.m.command.cmd + ARRAY_SIZE(m.m.command.cmd) - 1)
                        break;
                strncpy(p, *av, MAXPATHLEN);
                p += len;
        }

The if condition above the strncpy will dynamically protect against an
actual buffer overflow. However, the third argument to strncpy is too
big and needs to be decreased by (len+1).

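An added illustration, not code from the message above or from screen: strncpy pads the destination with NUL bytes up to its third argument, so that argument has to stay within the space left after p. The code below measures that padding, then packs arguments behind the same bounds check with a copy of exactly len bytes. CMD_BUF_SIZE, MAX_ARGS, sample_av and both function names are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

#define CMD_BUF_SIZE 32 /* constructed size, not screen's real buffer size */
#define MAX_ARGS 8      /* constructed stand-in for MAXARGS */

/* Constructed sample arguments; the third does not fit in the buffer. */
static char *const sample_av[] = {"select", "0", "a-rather-long-window-title-argument", NULL};

/* Bytes strncpy(dst, src, n) writes, measured in a 0xAA-filled scratch area. */
static size_t strncpy_touched(const char *src, size_t n)
{
    unsigned char scratch[256];
    size_t i, touched = 0;
    if (n > sizeof(scratch)) /* keep the measurement itself in bounds */
        n = sizeof(scratch);
    memset(scratch, 0xAA, sizeof(scratch));
    strncpy((char *)scratch, src, n);
    for (i = 0; i < sizeof(scratch); i++)
        if (scratch[i] != 0xAA)
            touched = i + 1;
    return touched;
}

/* Same bounds check as the quoted loop, but the copy is exactly len bytes,
 * so it cannot write past the space the check approved. Returns bytes used. */
static size_t pack_args(char *buf, size_t bufsize, char *const *av, int *stored)
{
    size_t off = 0;
    for (*stored = 0; *av && *stored < MAX_ARGS - 1; ++av, ++*stored) {
        size_t len = strlen(*av) + 1; /* argument plus terminator */
        if (off + len + 1 >= bufsize) /* p + len >= cmd + size - 1 */
            break;
        memcpy(buf + off, *av, len);
        off += len;
    }
    return off;
}

int main(void)
{
    struct { char cmd[CMD_BUF_SIZE]; unsigned char guard[8]; } m;
    int stored;
    size_t used;
    memset(&m, 0x5A, sizeof(m)); /* guard bytes after cmd must stay 0x5A */
    used = pack_args(m.cmd, sizeof(m.cmd), sample_av, &stored);
    printf("strncpy with n=32 wrote %zu bytes; packed %d args in %zu bytes, guard %s\n",
           strncpy_touched("ab", 32), stored, used,
           m.guard[0] == 0x5A ? "intact" : "overwritten");
    return 0;
}
```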