Buffer overflow in fread and strncpy in C++
Question
I'm getting buffer overflow case from the appscan for the below set of code. I'm not sure what is wrong in it. If someone suggest a solution that would be great. Common Code is for all the platform.
int main()
{
char* src = NULL;
char* chenv = getenv("HOME");
if (chenv == NULL || strlen(chenv) == 0)
return -1;
else
{
int len = strlen(chenv);
src = new char[len+1];
strncpy(src, chenv, len); // AppScan throws buffer overflow
src[len+1]='\0';
}
FILE* fp;
char content[4096];
int len = 0;
fp = fopen("filename.txt", "r");
if(fp)
{
while( (len = fread(content, sizeof(char), sizeof(content), fp))> 0) // AppScan throws buffer overflow on content
{
docopy(content, len);// External funtion call.
}
}
return 0;
}
1 answers
solution1
0 2020-08-14 08:31:28
Instead of strncpy I tried using strdup() and the issue solved. But the fread is still having the issue.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
C++ Buffer Overflow
Is there a buffer overflow helloworld for c++?
Intentional Buffer overflow in c++
buffer overflow in c++ [on hold]
Own strncpy() C++
C++ Equivalent of strncpy
How to prevent buffer overflow in C/C++?
Preventing buffer overflow in C/C++
Does buffer overflow happen in C++ strings?
ifstream buffer limit/overflow? C++ (_cnt?)
Related Tags