Author: michael
Date:
To: exim-users
Subject: RE: [Exim] Another small patch, please comment

> The memcpy is a memory exception waiting to happen. It would copy random
> bytes off the stack beyond the end of the string. You need to do the string
> copy of the source string and then fill the unused bytes.

That would only happen if a too long string length was passed to
string_cat. As it is, the function appears to be used only to copy
part of a string, where memcpy does not make a difference, or in some
cases the full string including a terminating NUL. I did not see a call
where a greater length than the string size is passed to the function.
That would probably be a bug anyway and asking for trouble in case the
source string is not NUL terminated. But Exim may try that for good
reasons and I just didn't see it, hence my request for comments.
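
The case debated in this message, a caller passing a count larger than the source string, as an added example that is not part of the original post and is not Exim's code: the hypothetical helper `append_clamped` clamps the count at the source's NUL before calling memcpy, so an oversized count cannot read past the terminator. It assumes `dst` is NUL-terminated within `cap` bytes and `s` is NUL-terminated or at least `count` bytes long.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not Exim's string_cat): append at most `count`
   bytes of `s` to the NUL-terminated buffer `dst` of capacity `cap`.
   Returns the number of bytes appended, or (size_t)-1 if they do not fit,
   in which case `dst` is left unchanged. */
size_t append_clamped(char *dst, size_t cap, const char *s, size_t count)
{
    size_t used = strlen(dst);
    size_t n = 0;

    /* Stop at the source's NUL: a count longer than the string is
       clamped here instead of being handed to memcpy unchecked. */
    while (n < count && s[n] != '\0')
        n++;

    if (n >= cap - used)            /* room for n bytes plus the NUL? */
        return (size_t)-1;

    memcpy(dst + used, s, n);       /* n <= strlen(s), so no over-read */
    dst[used + n] = '\0';
    return n;
}

int main(void)
{
    char buf[16] = "ab";            /* constructed sample data */

    /* Partial copy: count shorter than the source string. */
    printf("%zu -> %s\n", append_clamped(buf, sizeof buf, "hello", 3), buf);

    /* Oversized count: clamped to the two bytes before the NUL. */
    printf("%zu -> %s\n", append_clamped(buf, sizeof buf, "xy", 100), buf);

    /* Result would overflow the destination: rejected, buffer untouched. */
    size_t r = append_clamped(buf, sizeof buf, "0123456789", 10);
    printf("%s -> %s\n", r == (size_t)-1 ? "rejected" : "copied", buf);
    return 0;
}
```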