Opened 3 months ago

Closed 3 months ago

Last modified 3 months ago

#12274 closed Bug report (rejected)

Buffer overflow when wrongly using `memcpy`

Reported by: arya_lee Owned by:
Priority: normal Component: FileZilla Client
Keywords: buffer overflow, memcpy Cc: arya_lee
Component version: Operating system type:
Operating system version:


In the latest source code /tests/dirparsertest.cpp, there is a buffer overflow in function DirectoryListingParserTest::testIndividual().
len is the length of, not including the null character. So the sizeof(data) is len. According to the reference of memcpy, we need to make sure the 1st parameter of memcpy is larger than strlen(2nd parameter)+1(1 means the null-character.) So we should change 1475 to char* data = new char[len+1]; data[len]=0;

To avoid overflows, the size of the array pointed by destination shall be long enough to contain the same C string as source (including the terminating null character), and should not overlap in memory with source.

1474	    size_t const len =;
1475	    char* data = new char[len];
1476	    memcpy(data,, len);

Change History (3)

comment:1 by arya_lee, 3 months ago

Summary: uffer overflow when wrongly using `memcpy`Buffer overflow when wrongly using `memcpy`

comment:2 by Tim Kosse, 3 months ago

Resolution: rejected
Status: newclosed

Looks you are confusing strcpy with memcpy.

There is no overflow here. Len bytes of data are copied in a block of memory len bytes in size.

comment:3 by arya_lee, 3 months ago

Ooops, yeah, I confuse them. Sorry for the bother ;)

Note: See TracTickets for help on using tickets.