Re: Buffer over-read in l

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: Buffer over-read in l_strcmp
From: Andrew Gierth <andrew@...>
Date: Fri, 09 Jun 2023 20:10:42 +0100

>>>>> "Xmilia" == Xmilia Hermit <xmilia.hermit@gmail.com> writes:

 Xmilia> Hi,
 Xmilia> I found a buffer over-read in l_strcmp. The function uses
 Xmilia> strcoll but does not account for the possibility that two
 Xmilia> strings with different lengths can result in a zero retrun from
 Xmilia> strcoll.

Good catch!

The behavior of strcoll even in the same locale can and often will
differ between systems and even between library versions on the same
system; but it is certainly true that it has never guaranteed that
strings of different byte length will not compare equal, which seems
to be the assumption the code is making here.

-- 
Andrew.

Follow-Ups:
- Re: Buffer over-read in l_strcmp, Xmilia Hermit

References:
- Buffer over-read in l_strcmp, Xmilia Hermit

Prev by Date: Buffer over-read in l_strcmp
Next by Date: Re: Buffer over-read in l_strcmp
Previous by thread: Buffer over-read in l_strcmp
Next by thread: Re: Buffer over-read in l_strcmp
Index(es):
- Date
- Thread