[mono-threads-posix] Fix a buffer overflow (rather an information leak / over-read...

[mono-threads-posix] Fix a buffer overflow (rather an information leak / over-read)

While testing Clang's AddressSanitizer, I found and fixed a buffer overflow.

Up for discussion: it might be worth importing `strlcpy` (http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libc/string/strlcpy.c?rev=1.11) for similar purposes as it provides additional safety and also helps with the readability?

diff --git a/mono/utils/mono-threads-posix.c b/mono/utils/mono-threads-posix.c
index 79cc366d78f780dd9b01d9b9286e46616ac70c0b..138cc9e4b6aebd411ea1e0f75b88ce42b1cb5176 100644 (file)
--- a/mono/utils/mono-threads-posix.c
+++ b/mono/utils/mono-threads-posix.c
@@ -206,7 +206,7 @@ mono_native_thread_set_name (MonoNativeThreadId tid, const char *name)
        } else {
                char n [63];
 
        } else {
                char n [63];
 

-               memcpy (n, name, sizeof (n) - 1);
+               strncpy (n, name, sizeof (n) - 1);

                n [sizeof (n) - 1] = '\0';
                pthread_setname_np (n);
        }
                n [sizeof (n) - 1] = '\0';
                pthread_setname_np (n);
        }


@@ -216,7 +216,7 @@ mono_native_thread_set_name (MonoNativeThreadId tid, const char *name)
        } else {
                char n [PTHREAD_MAX_NAMELEN_NP];
 
        } else {
                char n [PTHREAD_MAX_NAMELEN_NP];
 

-               memcpy (n, name, sizeof (n) - 1);
+               strncpy (n, name, sizeof (n) - 1);

                n [sizeof (n) - 1] = '\0';
                pthread_setname_np (tid, "%s", (void*)n);
        }
                n [sizeof (n) - 1] = '\0';
                pthread_setname_np (tid, "%s", (void*)n);
        }


@@ -226,7 +226,7 @@ mono_native_thread_set_name (MonoNativeThreadId tid, const char *name)
        } else {
                char n [16];
 
        } else {
                char n [16];
 

-               memcpy (n, name, sizeof (n) - 1);
+               strncpy (n, name, sizeof (n) - 1);

                n [sizeof (n) - 1] = '\0';
                pthread_setname_np (tid, n);
        }
                n [sizeof (n) - 1] = '\0';
                pthread_setname_np (tid, n);
        }