CoreFoundation: ensure that we do not overflow the dest

compnerd · web-flow · commit 170c1fbc4337 · 2021-11-15T18:11:50.000Z
This `memcpy` could potentially overflow if the source was smaller than
the destination.  We now trim this to the minimum of the source and dest
(similar to `strlcpy`).
diff --git a/CoreFoundation/Base.subproj/CFPlatform.c b/CoreFoundation/Base.subproj/CFPlatform.c
@@ -1611,7 +1611,7 @@ CF_CROSS_PLATFORM_EXPORT int _CFThreadGetName(char *buf, int length) {
         char *buffer = calloc(szLength + 1, sizeof(char));
         WideCharToMultiByte(CP_UTF8, WC_ERR_INVALID_CHARS, pszThreadDescription,
                             -1, buffer, szLength, NULL, NULL);
-        memcpy(buf, buffer, length - 1);
+        memcpy(buf, buffer, MIN(szLength, length - 1));
         buf[MIN(szLength, length - 1)] = '\0';
         free(buffer);
     }

Original file line number	Diff line number	Diff line change
`@@ -1611,7 +1611,7 @@ CF_CROSS_PLATFORM_EXPORT int _CFThreadGetName(char *buf, int length) {`
`1611`	`1611`	`char *buffer = calloc(szLength + 1, sizeof(char));`
`1612`	`1612`	`WideCharToMultiByte(CP_UTF8, WC_ERR_INVALID_CHARS, pszThreadDescription,`
`1613`	`1613`	`-1, buffer, szLength, NULL, NULL);`
`1614`		`- memcpy(buf, buffer, length - 1);`
	`1614`	`+ memcpy(buf, buffer, MIN(szLength, length - 1));`
`1615`	`1615`	`buf[MIN(szLength, length - 1)] = '\0';`
`1616`	`1616`	`free(buffer);`
`1617`	`1617`	`}`