Kernel buffer overflow exposes iPhone 11 Pro to radio based attacks
Patrick Schluter
Patrick.Schluter at bbox.fr
Wed Dec 9 08:26:35 UTC 2020
On Wednesday, 2 December 2020 at 17:52:29 UTC, H. S. Teoh wrote:
> An equally bad thing about C strings is that utterly evil
> function known as strncpy. Why is it evil? Because it comes
> with the warning that the result may not be terminated if the
> target buffer is not large enough to contain the entire string.
> And guess how many people gloss over or simply forget that
> detail? Yep, I've fixed a whole bunch of bugs caused by that.
>
The only sin of strncpy() is its name. The problem is that people
think it is a string function (even you fell for it), but it
never was a string function; it is a buffer function, and a
mem*/buf* prefix would have gone a long way to avoid its misuse
as a string function. Beyond its truncation feature, it has a
second functionality that most people do not know and that makes
it definitely different from the string functions: it overwrites
the whole buffer with 0 to the end of it, making it often a
performance hog:
char buffer[32000];
strncpy(buffer, "a", sizeof buffer);
will write 32000 characters.
Historically it was invented for early Unix, to write the
filename in the directory entry, which was size 14 at that time.
strncpy(direntry, filename, 14);
strncpy() has its uses, but it is important to know that it is
NOT a string function. The new warning in gcc since version 9 is
annoying and has to be shut up in some cases (with pragmas), as
there are legitimate uses of strncpy (unlike gets(), which is
always wrong).
Except for that, I completely agree with the rest of your rant.
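An added example, not code from the post or the thread: this C program makes both behaviours discussed above observable, the zero fill of the entire destination and the missing terminator when the source fills the field. The sentinel pre-fill, the helper names and the "fourteen_chars" sample are my own constructions.

```c
#include <stdio.h>
#include <string.h>
#define SENTINEL 0xAA /* pre-fill so every byte strncpy writes becomes visible */

/* Pre-fills dst (cap bytes) with SENTINEL, runs strncpy(dst, src, n) and returns
 * how many bytes changed: copied characters plus strncpy's zero padding.
 * Assumes src has no 0xAA bytes (true for the ASCII samples used here). */
size_t strncpy_bytes_written(char *dst, size_t cap, const char *src, size_t n)
{
    size_t touched = 0;
    memset(dst, SENTINEL, cap);
    strncpy(dst, src, n);
    for (size_t i = 0; i < cap; i++)
        if ((unsigned char)dst[i] != SENTINEL) touched++;
    return touched;
}

/* 1 if dst[0..n) holds a terminating NUL, 0 if strncpy truncated without one
 * (the case Teoh describes: a source of n or more characters). */
int strncpy_terminated(const char *dst, size_t n)
{
    return memchr(dst, '\0', n) != NULL;
}

/* strncpy used as a string copy: leave room for, and always write, the NUL.
 * Returns 1 if src was truncated so the caller can react instead of guessing. */
int copy_string_bounded(char *dst, size_t cap, const char *src)
{
    strncpy(dst, src, cap - 1);
    dst[cap - 1] = '\0';
    return strlen(src) >= cap;
}

int main(void)
{
    static char buffer[32000]; /* the post's example: the whole buffer gets written */
    char direntry[14], name[8]; /* the 14-byte directory-entry field, and a small copy */
    printf("\"a\" into 32000 bytes: %zu bytes written\n",
           strncpy_bytes_written(buffer, sizeof buffer, "a", sizeof buffer));
    strncpy_bytes_written(direntry, sizeof direntry, "fourteen_chars", sizeof direntry);
    printf("14-char name terminated in 14 bytes: %d\n",
           strncpy_terminated(direntry, sizeof direntry));
    printf("truncated: %d, copy: \"%s\"\n",
           copy_string_bounded(name, sizeof name, "fourteen_chars"), name);
    return 0;
}
```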