On Tue, 16 May 2023 16:49:27 GMT, Xue-Lei Andrew Fan <xue...@openjdk.org> wrote:
>> src/utils/hsdis/binutils/hsdis-binutils.c line 248:
>>
>>> 246:     size_t used_size = strlen(close);
>>> 247:     char* p = buf + used_size;
>>> 248:     bufsize -= used_size;
>>
>> May not happen in practice, but if `used_size` is larger than `bufsize` this will wrap to a very large value. Perhaps the `strcpy` above should also be an `snprintf`, and the return value handled the same way as for the subsequent `snprintf` calls?
>
> I think it is safe as the `buf` size has been checked at around line 230. However, it may make the code easier to read if replacing `strcpy` with `snprintf`. The patch was updated accordingly.

This and all uses of snprintf in this change are incorrect. If the output is truncated, snprintf returns the number of characters that would have been written if there had been enough space. That is, the result may be larger than bufsize.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/13995#discussion_r1195887441
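The point raised in the comment, as an added illustration that is not part of the thread and not code from hsdis or OpenJDK: `naive_remaining` reproduces the `bufsize -= snprintf(...)` accounting and shows the size_t wrap when the output did not fit (it only computes the value, it never writes with it, since doing so would be the overflow), while `appender_t` is a hypothetical helper that compares the return value against the space that was available before advancing. The mnemonic and operand strings are constructed samples.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Bounded string builder (hypothetical helper, not hsdis code). */
typedef struct {
    char   *buf;       /* caller's buffer */
    size_t  size;      /* total capacity, including the terminating NUL */
    size_t  used;      /* characters written so far, excluding the NUL */
    int     truncated; /* set once any piece did not fit */
} appender_t;

static void appender_init(appender_t *a, char *buf, size_t size)
{
    a->buf = buf;
    a->size = size;
    a->used = 0;
    a->truncated = 0;
    if (size > 0)
        buf[0] = '\0';
}

/* Append formatted text. vsnprintf returns the length the output WOULD
 * have had, so the return value must be compared against the space that
 * was available before it is used to advance the cursor or shrink the
 * remaining size. */
static int appender_add(appender_t *a, const char *fmt, ...)
{
    va_list ap;
    size_t avail;
    int n;

    if (a->truncated || a->used >= a->size) {
        a->truncated = 1;
        return 0;
    }
    avail = a->size - a->used;

    va_start(ap, fmt);
    n = vsnprintf(a->buf + a->used, avail, fmt, ap);
    va_end(ap);

    if (n < 0) {                     /* encoding error: treat as failure */
        a->truncated = 1;
        return 0;
    }
    if ((size_t)n >= avail) {        /* output was cut; NUL sits at size-1 */
        a->used = a->size - 1;
        a->truncated = 1;
        return 0;
    }
    a->used += (size_t)n;
    return 1;
}

/* The accounting pattern under discussion: bufsize -= snprintf(...).
 * Returns the "remaining space" the naive arithmetic yields. When the text
 * does not fit, snprintf returns more than bufsize and the subtraction
 * wraps to a huge size_t, which is exactly what a following snprintf would
 * then be trusted with. This function only computes the value. */
static size_t naive_remaining(char *buf, size_t bufsize, const char *text)
{
    int n = snprintf(buf, bufsize, "%s", text);
    return bufsize - (size_t)n;
}

/* Build a disassembly-style line from three constructed sample pieces.
 * Returns 1 if everything fit, 0 if the result was truncated. */
static int build_example_line(char *buf, size_t bufsize)
{
    const char *close = ")";
    const char *mnemonic = "mov";
    const char *operands = "rax, rbx";
    appender_t a;

    appender_init(&a, buf, bufsize);
    appender_add(&a, "%s", close);
    appender_add(&a, "  %s", mnemonic);
    appender_add(&a, "  %s", operands);
    return !a.truncated;
}

int main(void)
{
    char big[64], small[8];

    printf("fit=%d line=\"%s\"\n", build_example_line(big, sizeof big), big);
    printf("fit=%d line=\"%s\"\n", build_example_line(small, sizeof small), small);
    printf("naive remaining after truncation: %zu (bufsize was %zu)\n",
           naive_remaining(small, sizeof small, "0123456789"), sizeof small);
    return 0;
}
```

With an 8-byte buffer the helper stops at `")  mov "` and reports truncation, whereas the naive subtraction for a 10-character string into 8 bytes yields a value far larger than the buffer.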