[Toybox] [PATCH] Fix a buffer overflow in diff -r.

Andy Chu andychup at gmail.com
Sat Mar 19 23:19:03 PDT 2016


We were doing two 32-byte memset()s instead of two 16-byte memset()s.
'dir' referred to the instance (array of 2) and not the struct type.

Add some test coverage for diff, including a case that hit this bug.

The bug was found by running cp.test under AddressSanitizer, since it
happens to use diff.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Fix-a-buffer-overflow-in-diff-r.patch
Type: text/x-patch
Size: 2176 bytes
Desc: not available
URL: <http://lists.landley.net/pipermail/toybox-landley.net/attachments/20160319/3cf37d8b/attachment.bin>
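
The bug class described in the message above, as an added example that is not part of the original post or of the Toybox source: applying sizeof to an array instance yields the size of the whole array, so a per-element memset() of the last element runs past the end. The names `dir_entry`, `arena`, `guard` and the field layout are assumptions made for illustration, as is the choice of one memset() per element; the guard bytes are constructed so the overrun can be measured without leaving the object.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the struct; field names are assumptions. */
struct dir_entry { char **list; int nr_elm; };

/* The array named 'dir', followed by constructed guard bytes so the
   overrun lands in memory we own and can be counted. */
static struct arena {
  struct dir_entry dir[2];
  unsigned char guard[2 * sizeof(struct dir_entry)];
} mem;

#define GUARD 0xA5

/* sizeof on the instance: the whole two-element array. */
size_t buggy_len(void) { return sizeof(mem.dir); }

/* sizeof on one element: what a per-element memset() needs. */
size_t fixed_len(void) { return sizeof(mem.dir[0]); }

/* Zero element idx with a memset() of len bytes and return how many
   guard bytes were overwritten. The write is addressed from the base
   of 'mem' so it stays inside one object even when len is too large. */
size_t clear_and_count(size_t idx, size_t len)
{
  unsigned char *start = (unsigned char *)&mem
    + offsetof(struct arena, dir) + idx * sizeof(struct dir_entry);
  size_t i, hit = 0;

  memset(mem.guard, GUARD, sizeof(mem.guard));
  memset(start, 0, len);
  for (i = 0; i < sizeof(mem.guard); i++)
    if (mem.guard[i] != GUARD) hit++;
  return hit;
}

int main(void)
{
  printf("element=%zu bytes, array=%zu bytes\n", fixed_len(), buggy_len());
  printf("dir[0], array-sized memset: %zu guard bytes hit\n",
         clear_and_count(0, buggy_len()));
  printf("dir[1], array-sized memset: %zu guard bytes hit\n",
         clear_and_count(1, buggy_len()));
  printf("dir[1], element-sized memset: %zu guard bytes hit\n",
         clear_and_count(1, fixed_len()));
  return 0;
}
```

The array-sized memset() on the first element stays inside the array and only clobbers its neighbour, which is why the defect is silent until the last element is cleared; a build with `-fsanitize=address` reports the out-of-bounds write in a real layout where no guard bytes exist.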

