Found with ttyname_test and CHERI bounds checking.
Sponsored by: DARPA, AFRL
Obtained from: CheriBSD
Differential D10377
Fix an out-of-bounds write when a zero-length buffer is passed.
Authored by brooks on Apr 12 2017, 10:57 PM.
Event Timeline

I also wonder if we should perform a NULL pointer check, but POSIX doesn't explicitly allow EINVAL.

Bruce would argue that a SIGSEGV is a valid NULL pointer check. That is the failure case for many other APIs in userland (e.g. strlen() and strcpy()).