[libc-commits] [libc] fix oob and overflow bugs in llc (PR #203697)

Sat Jun 13 04:08:26 PDT 2026

llvmorg-github-actions[bot] wrote:




@llvm/pr-subscribers-libc

Author: Hardik Kumar (hardikxk)

<details>
<summary>Changes</summary>

closes #203649 
- I have added a check in `libc/src/wchar/wcslcat.cpp` to prevent overflow caused by when static_cast wraps the limit.
- For the `wcsncat` implementation I have fixed the condition in the for loop to first check if `i` is within bounds preventing OOB access on `s2`

I am new to the codebase so any feedback would be very helpful and I will be happy to follow up promptly after a review!

---
Full diff: https://github.com/llvm/llvm-project/pull/203697.diff


2 Files Affected:

- (modified) libc/src/wchar/wcslcat.cpp (+2) 
- (modified) libc/src/wchar/wcsncat.cpp (+1-1) 


``````````diff

diff --git a/libc/src/wchar/wcslcat.cpp b/libc/src/wchar/wcslcat.cpp
index eb318e066f7a0..374b47c8b3578 100644
--- a/libc/src/wchar/wcslcat.cpp
+++ b/libc/src/wchar/wcslcat.cpp
@@ -21,6 +21,8 @@ LLVM_LIBC_FUNCTION(size_t, wcslcat,
                     size_t dstsize)) {
   const size_t dstlen = internal::string_length(dst);
   const size_t srclen = internal::string_length(src);
+  if (dstlen >= dstsize) 
+    return dstsize + srclen;
   int limit = static_cast<int>(dstsize - dstlen - 1);
   size_t returnval = (dstsize < dstlen ? dstsize : dstlen) + srclen;
   if (limit < 0)
diff --git a/libc/src/wchar/wcsncat.cpp b/libc/src/wchar/wcsncat.cpp
index 62595b4b5418c..985fb5f1cbace 100644
--- a/libc/src/wchar/wcsncat.cpp
+++ b/libc/src/wchar/wcsncat.cpp
@@ -21,7 +21,7 @@ LLVM_LIBC_FUNCTION(wchar_t *, wcsncat,
                     size_t n)) {
   size_t size = internal::string_length(s1);
   size_t i = 0;
-  for (; s2[i] && i < n; ++i)
+  for (; i < n && s2[i]; ++i)
     s1[size + i] = s2[i];
   // Appending null character to the end of the result.
   s1[size + i] = L'\0';

``````````

</details>


https://github.com/llvm/llvm-project/pull/203697
