https://bugs.exim.org/show_bug.cgi?id=1801
--- Comment #3 from Philip Hazel <ph10@???> ---
Yes, I suspected that might happen. I have committed another patch that I think
will fix the issue and give the same output for buffer overflows, whether or
not there is a binary zero at the end of the buffer.

Incidentally, I think your snprintf() is buggy. This is what I see in a version
of the C99 standard that I've got (called C99.2007.pdf):

  The snprintf function is equivalent to fprintf, except that the output is
  written into an array (specified by argument s) rather than to a stream. If n
  is zero, nothing is written, and s may be a null pointer. Otherwise, output
  characters beyond the n-1st are discarded rather than being written to the
  array, and a null character is written at the end of the characters actually
  written into the array. If copying takes place between objects that overlap,
  the behavior is undefined.

That seems to state quite clearly that a null character is written in the event
of buffer overflow.
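
The C99 wording quoted in the comment above can be checked against a local C library with a small conformance test; this is an added example, not code from the bug report, the committed patch or the project. The function names, buffer sizes and sample string are constructed here, and the return-value checks assume the rule from the same section of C99 that snprintf returns the length the untruncated output would have had.

```c
#include <stdio.h>
#include <string.h>

/* Constructed conformance check: returns 0 if the local snprintf() follows
   the C99 text quoted above, otherwise a bitmask of the failed properties. */
enum {
    FAIL_NO_TERMINATOR = 1,  /* no '\0' at s[n-1] after truncation */
    FAIL_WROTE_PAST_N  = 2,  /* bytes at or beyond s[n] were modified */
    FAIL_BAD_PREFIX    = 4,  /* first n-1 characters are not the output prefix */
    FAIL_BAD_RETURN    = 8,  /* return value is not the untruncated length */
    FAIL_ZERO_SIZE     = 16  /* n == 0 with a null pointer misbehaves */
};

int check_snprintf_c99(void)
{
    char buf[16];
    const size_t n = 8;                     /* size given to snprintf, smaller than buf */
    const char *text = "0123456789ABCDEF";  /* 16 characters, overflows n */
    int failed = 0;
    int ret;

    memset(buf, 'X', sizeof buf);  /* sentinel fill: no binary zero anywhere */
    ret = snprintf(buf, n, "%s", text);

    if (buf[n - 1] != '\0') failed |= FAIL_NO_TERMINATOR;
    for (size_t i = n; i < sizeof buf; i++)
        if (buf[i] != 'X') failed |= FAIL_WROTE_PAST_N;
    if (memcmp(buf, text, n - 1) != 0) failed |= FAIL_BAD_PREFIX;
    if (ret != (int)strlen(text)) failed |= FAIL_BAD_RETURN;

    /* n == 0: nothing is written and s may be a null pointer */
    ret = snprintf(NULL, 0, "%s", text);
    if (ret != (int)strlen(text)) failed |= FAIL_ZERO_SIZE;

    return failed;
}

/* Caller-side truncation test: output was cut if ret < 0 or ret >= n. */
int snprintf_truncated(int ret, size_t n)
{
    return ret < 0 || (size_t)ret >= n;
}

int main(void)
{
    int failed = check_snprintf_c99();
    printf("snprintf C99 check: %s (mask %d)\n", failed ? "FAIL" : "ok", failed);
    return failed != 0;
}
```

A non-zero mask with FAIL_NO_TERMINATOR set corresponds to the behaviour the comment calls buggy: the array is left without a null character after an overflow.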