Buffer overflow when wrongly using `memcpy`
In the latest source code, /tests/dirparsertest.cpp, there is a buffer overflow in function DirectoryListingParserTest::testIndividual().
len is the length of entry.data, not including the null character. So the sizeof(data) is len. According to the reference of memcpy (http://www.cplusplus.com/reference/cstring/memcpy/), we need to make sure the 1st parameter of memcpy is larger than strlen(2nd parameter)+1 (the 1 means the null character). So we should change 1475 to char* data = new char[len+1]; data[len]=0;
To avoid overflows, the size of the array pointed by destination shall be long enough to contain the same C string as source (including the terminating null character), and should not overlap in memory with source.
1474 size_t const len = entry.data.size();
1475 char* data = new char[len];
1476 memcpy(data, entry.data.c_str(), len);
Change History (3)
Summary: uffer overflow when wrongly using `memcpy` → Buffer overflow when wrongly using `memcpy`
Resolution: → rejected
Status: new → closed
Looks like you are confusing strcpy with memcpy.
There is no overflow here. len bytes of data are copied into a block of memory len bytes in size.
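An added example in C++, not FileZilla's code and not from the ticket, that checks the point of the resolution with a sentinel byte: memcpy(dst, src, len) writes exactly len bytes, so a len-byte destination is in bounds; the len+1 requirement the reporter quotes belongs to strcpy, which also writes the terminator. The only hazard with the ticket's snippet is using the non-terminated result as a C string, which the example shows how to avoid. The directory-listing line used as input is constructed.

```cpp
// Added example (not FileZilla's code): memcpy of len bytes into a len-byte
// buffer stays in bounds; strcpy is what needs len + 1.
#include <cstring>
#include <string>
#include <vector>

// Proof by sentinel that memcpy(dst, src, len) writes exactly len bytes:
// allocate one extra byte, mark it, copy len bytes, check the mark survived
// and the copied bytes match the source.
bool memcpy_stays_in_bounds(const std::string& entry) {
    size_t const len = entry.size();
    std::vector<char> data(len + 1, '\0');
    data[len] = 0x7f;                               // sentinel just past the copy region
    std::memcpy(data.data(), entry.c_str(), len);   // same call shape as in the ticket
    return data[len] == 0x7f
        && std::memcmp(data.data(), entry.data(), len) == 0;
}

// The ticket's snippet as a function: exactly len bytes allocated, exactly
// len bytes copied. In bounds, but the result carries no terminating NUL, so
// it must be consumed with its length (memcmp, std::string(ptr, len)), never
// with strlen/strcmp/printf("%s"), which would read past the allocation.
std::string copy_exact(const std::string& entry) {
    size_t const len = entry.size();
    char* data = new char[len];
    std::memcpy(data, entry.c_str(), len);
    std::string out(data, len);                     // length-delimited use
    delete[] data;
    return out;
}

// strcpy-style copy: the destination must also hold the terminator, so it
// needs len + 1 bytes. With only len bytes this would write one past the end.
std::string copy_cstring(const std::string& entry) {
    size_t const len = entry.size();
    char* data = new char[len + 1];
    std::strcpy(data, entry.c_str());               // writes len + 1 bytes
    std::string out(data);                          // strlen is safe on this one
    delete[] data;
    return out;
}

int main() {
    // Constructed sample listing line, the kind of entry the parser test feeds in.
    const std::string line = "drwxr-xr-x 2 user group 4096 Jan 1 12:00 dir";
    bool ok = memcpy_stays_in_bounds(line)
        && copy_exact(line) == line
        && copy_cstring(line) == line;
    return ok ? 0 : 1;
}
```

The sentinel check is the direct test of the claim in the ticket: if memcpy touched data[len], the 0x7f would be overwritten. The empty string is the edge case worth running too (len 0, nothing copied, sentinel at index 0 untouched).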