| commit | 260bf8cfe00f83bc579dfe81c78b75bd9973f051 | |
|---|---|---|
| author | Nick Kralevich <nnk@google.com> | Fri Jul 13 11:27:06 2012 -0700 |
| committer | Nick Kralevich <nnk@google.com> | Fri Jul 13 13:49:59 2012 -0700 |
| tree | b8ff686500d30625cb9d5908ecba4895f20a1467 | |
| parent | b2060b027c9eb2748895b53a0d69d40b52371a4e | |

FORTIFY_SOURCE: strlen check.

This test is designed to detect code such as:

    int main() {
      char buf[10];
      memcpy(buf, "1234567890", sizeof(buf));
      size_t len = strlen(buf); // segfault here with _FORTIFY_SOURCE
      printf("%d\n", len);
      return 0;
    }

or anytime strlen reads beyond an object boundary. This should
help address memory leakage vulnerabilities and make other
unrelated vulnerabilities harder to exploit.

Change-Id: I354b425be7bef4713c85f6bab0e9738445e00182
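
The kind of check the commit message describes can be sketched as follows. This is an added example, not code from this commit or from bionic: `checked_strlen` and `CHECKED_STRLEN` are hypothetical names, the object size is assumed to come from the GCC/Clang builtin `__builtin_object_size`, and the helper returns an error where a fortified libc would terminate the process.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not bionic's code): strlen bounded by the size of
 * the object that s points into.
 * Returns 0 and stores the length when a NUL terminator lies inside the
 * object; returns -1 when finding one would mean reading past its end. */
static int checked_strlen(const char *s, size_t obj_size, size_t *len)
{
    if (obj_size == (size_t)-1) {
        /* The compiler could not determine the object size:
         * nothing to check against, behave like plain strlen. */
        *len = strlen(s);
        return 0;
    }
    const char *nul = memchr(s, '\0', obj_size);
    if (nul == NULL)
        return -1;              /* no terminator inside the object */
    *len = (size_t)(nul - s);
    return 0;
}

/* Let the compiler supply the object size where it knows it.
 * __builtin_object_size yields (size_t)-1 when the size is unknown. */
#define CHECKED_STRLEN(s, len) \
    checked_strlen((s), __builtin_object_size((s), 0), (len))

int main(void)
{
    char buf[10];
    size_t len = 0;

    /* Same pattern as in the commit message: all 10 bytes are filled,
     * so buf holds no NUL terminator. */
    memcpy(buf, "1234567890", sizeof(buf));

    if (CHECKED_STRLEN(buf, &len) != 0) {
        fprintf(stderr, "strlen would read past the end of buf\n");
        return 1;
    }
    printf("%zu\n", len);
    return 0;
}
```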