[llvm-dev] Overlapping memcpy
Maciej Adamczyk via llvm-dev
llvm-dev at lists.llvm.org
Mon Dec 7 22:28:47 PST 2015
> The lack of such error checking is one of the big reasons that libraries like
> libjpeg, libpng, and so on have been a huge source of vulnerabilities in web
> browsers for the last couple of decades. It sounds like your friend has
> already added a security hole to his library, please discourage him from
> adding any more.
So far he has turned to memmove. He surely doesn't want the code working incorrectly and with unknowns he decided to play it safe. But we (me especially) wonder if it really is an issue as we fail to find anything that compiler or stdlib could exploit to make the code misbehave (as corrupting the buffer is OK in this case).
More information about the llvm-dev