On Thu, Oct 15, 2015 at 11:28:07AM -0600, Todd C. Miller wrote:
> Those checks all look good. The only thing I had a question
> about is the:
>
> len = strlen(sym);
>
> Would it be better to use memchr to search for the NUL terminator
> to avoid going past the end? E.g.
>
> if (memchr(sym, 0, left) == NULL)
> continue;
__fdnlist(int fd, struct nlist *list)
...
for (p = list; !ISLAST(p); p++) {
...
sym = p->n_un.n_name;
I consider sym to be trustworthy here, because it's supplied by the
caller. It's not a pointer into the binary file.