Claudio Jeker:

> In tal_parse() use strndup() to create the tal descr instead of the more
> complex malloc, memcpy version. Result is the same but the strndup version
> is a lot nicer.

Yes, but...

> --- tal.c     11 Oct 2020 12:39:25 -0000      1.22
> +++ tal.c     3 Dec 2020 12:00:25 -0000
> @@ -198,10 +198,8 @@ tal_parse(const char *fn, char *buf)
>       dlen = strlen(d);
>       if (strcasecmp(d + dlen - 4, ".tal") == 0)
>               dlen -= 4;

That looks like a potential out-of-bounds access.  Are we guaranteed
that dlen >= 4 here?

> -     if ((p->descr = malloc(dlen + 1)) == NULL)
> +     if ((p->descr = strndup(d, dlen)) == NULL)
>               err(1, NULL);
> -     memcpy(p->descr, d, dlen);
> -     p->descr[dlen] = '\0';
>  
>       return p;
>  }
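
Review bot: the unchanged context line at the top of this hunk, `strcasecmp(d + dlen - 4, ".tal")`, has no lower bound on dlen, so for a d shorter than four bytes the pointer lands before the start of d, and the new `strndup(d, dlen)` call relies on that same dlen. Suggest guarding the comparison, for example `if (dlen > 4 && strcasecmp(d + dlen - 4, ".tal") == 0)`, which also avoids an empty descr for a file named just ".tal". With that in place the strndup() replacement is equivalent to the removed malloc/memcpy/terminate sequence, since dlen never exceeds strlen(d).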

ok

-- 
Christian "naddy" Weisgerber                          na...@mips.inka.de
