"Shen, Mingjie" <[email protected]> writes:

> Replaced unsafe strcpy(buf, p) calls with bounded strncpy(buf, p,
> sizeof(buf)-1)
> followed by explicit NULL-termination. This change ensures that the UTF-8
> result from stringprep_locale_to_utf8 cannot overflow the fixed-size buf
> array.

Thanks for the report. Inspired by
https://meyering.net/crusade-to-eliminate-strncpy/ I solved it like this
instead:

https://cgit.git.savannah.gnu.org/cgit/libidn.git/commit/?id=ba07192a34c7699fda7a681d6b961dbb65286109

/Simon
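Added example, not part of the original thread and not the code from the linked libidn commit: the bounded strncpy pattern described in the quoted report, next to a length-checked copy that rejects oversized input instead of silently truncating it. The function names, the 16-byte buffer and the sample host name are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

static char demo_buf[16];   /* constructed fixed-size buffer */

/* Pattern from the quoted report: bounded strncpy followed by explicit
   termination. Memory-safe, but oversized input is silently cut short.
   Returns the length of what ended up in dst. */
static size_t copy_truncating(char *dst, size_t dstsize, const char *src)
{
    strncpy(dst, src, dstsize - 1);
    dst[dstsize - 1] = '\0';
    return strlen(dst);
}

/* Alternative (an assumption, not the libidn fix): measure first and
   refuse input that does not fit, so the caller can report an error
   instead of continuing with a different string. Returns 0 or -1. */
static int copy_checked(char *dst, size_t dstsize, const char *src)
{
    size_t len = strlen(src);
    if (len >= dstsize)
        return -1;               /* dst is left untouched */
    memcpy(dst, src, len + 1);   /* includes the terminating NUL */
    return 0;
}

int main(void)
{
    const char *name = "login.example.com.invalid";  /* constructed input */

    copy_truncating(demo_buf, sizeof demo_buf, name);
    printf("truncating copy kept: %s\n", demo_buf);

    if (copy_checked(demo_buf, sizeof demo_buf, name) != 0)
        printf("checked copy: input rejected, too long\n");
    return 0;
}
```

For a host name, the truncated result is a different name from the one supplied, which is why the caller may prefer an error over a shortened string.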
