Using the return value from snprintf without proper checks can cause overflow.

The size arguments of the following snprintf calls are derived from their return values, which may exceed the size of the buffer and overflow.

The return value of a call to snprintf is the number of characters that would have been written to the buffer assuming there was sufficient space. In the event that the operation reaches the end of the buffer and more than one character is discarded, the return value will be greater than the buffer size. This can cause incorrect behavior.

In line `312` of `larray.c`:
```
		length = snprintf(buffer + offset,
		                  maxlen - offset,
		                  fmt,
		                  lstring_to_cstr(lemon, string));
```
and
In line `357` of `ltable.c`:
```
		length = snprintf(buffer + offset,
		                  maxlen - offset,
		                  fmt,
		                  lstring_to_cstr(lemon, key),
		                  lstring_to_cstr(lemon, value));
```

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Using the return value from snprintf without proper checks can cause overflow. #29

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Using the return value from snprintf without proper checks can cause overflow. #29

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions