[OCLUG-devel] Re: [OCLUG] Security Holes In Sample Code [was: Trouble with strings and files]
Christopher Smith
x at xman.org
Sun Jul 11 19:52:57 PDT 2004
On Sun, 2004-07-11 at 08:07, Jack Denman wrote:
> I do not see the buffer overflow in the GNU code. Let each one that knows the
> "C" language judge for themselves, and don't take anybody's word for it.
Could you enlighten us as to where I'm going wrong in describing the
error? Do integer overflows not happen in C? What does happen if the
buffer is already > SIZE_MAX/2 and needs to be resized to continue
reading the line?
Oh, and do you still feel there is a buffer overflow in the fgets()
code?
--
Christopher Smith <x at xman.org>
More information about the OCLUG-devel
mailing list