On Wed, Oct 28, 2020 at 7:11 PM Robie Basak <email address hidden>
wrote:
> > + len = buff_len < 8 ? -ENODATA :
> > + (buff_len <= maxlen ? buff_len : maxlen);
> > + memcpy (str, buff, len);
>
> This looked concerning to me. There's a code path that will call memcpy
> with a len of -ENODATA which seemed quite dangerous to me.
>
>
Great catch Robie,
I'll incorporate that.
On Wed, Oct 28, 2020 at 7:11 PM Robie Basak <email address hidden>
wrote:
> > + len = buff_len < 8 ? -ENODATA :
> > + (buff_len <= maxlen ? buff_len : maxlen);
> > + memcpy (str, buff, len);
>
> This looked concerning to me. There's a code path that will call memcpy
> with a len of -ENODATA which seemed quite dangerous to me.
>
>
Great catch Robie,
I'll incorporate that.