Looks like the strncpy length argument is "rax_4 - 1", which shouldn't overwrite the NULL terminator?
memcpy_totally_100_percent_safe_trust_me
You can download the full report here: https://finitestate.io/finite-state-supply-chain-assessment/ …
IMHO the main point of a “safe” C function is to make the programmer think: “will it fit in the dst buffer”? And this wrapper does that job. There is nothing preventing you writing MAXINT in there if you are dumb enough. Truly safe memcpy requires a safe language like Go or Rust.
What would be the downside of it actually checking?
So is malice or incompetence being implied here? The latter is as valid a reason to deselect products in secure environments as that of paranoid intent of nation states, just not so exciting for the news media
Sufficient incompetence is indistinguishable from malice. But that was always the problem here. The bar has been raised, and they've stumbled on the approach never mind the jump.