strncpy code security issue
KaisEbraheem opened this issue
I have been using Mantle in our iOS apps (Objective-C & Swift) for many years now. Recently I scanned the code using the SonarQube sonar-scanner tool, which revealed several HIGH priority security issues in one particular file: MTLEXTRuntimeExtensions.m. All issues are related to the use of the strncpy C function. Can you please update the code to address this security issue in MTLEXTRuntimeExtensions.m?
One possible alternative is strlcpy.c (although not part of the standard C-library, it's available on Apple macOS since 2011).
See: https://www.usenix.org/legacy/events/usenix99/full_papers/millert/millert.pdf
Thanks for flagging the issue 💖
That said, it's been a while since I've written C. What's the security issue being flagged by the tool, and how does strlcpy alleviate it?
Happy to look at any PR to the effect.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
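The difference between the two functions raised in this thread, as an added example that is not part of the original issue or of Mantle's code: `strncpy` writes no terminator when the source fills the destination, while a copy with `strlcpy`'s contract always terminates and reports truncation through its return value. `bounded_copy` is a hypothetical stand-in for `strlcpy` so the example also builds where libc lacks it, and the sample string and buffer size are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in with strlcpy's contract: copy at most size-1 bytes,
 * always NUL-terminate when size > 0, and return strlen(src) so the caller
 * can detect truncation. */
static size_t bounded_copy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    if (size > 0) {
        size_t n = len < size - 1 ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

/* Returns 1 if buf holds a NUL within its size bytes, else 0.
 * Uses memchr so the check itself never reads past the buffer. */
static int is_terminated(const char *buf, size_t size)
{
    return memchr(buf, '\0', size) != NULL;
}

/* strncpy into an 8-byte buffer: when src has 8 or more characters,
 * all 8 bytes are filled and no terminator is written. */
static int strncpy_terminates(const char *src)
{
    char dst[8];
    memset(dst, 'X', sizeof dst);   /* make stale bytes visible */
    strncpy(dst, src, sizeof dst);
    return is_terminated(dst, sizeof dst);
}

/* Returns 1 if src did not fit; dst is a valid C string either way. */
static int copy_truncated(char *dst, size_t size, const char *src)
{
    return bounded_copy(dst, src, size) >= size;
}

int main(void)
{
    const char *name = "propertyName";   /* constructed sample, 12 chars */
    char dst[8];
    printf("strncpy terminated: %d\n", strncpy_terminates(name));
    printf("truncated: %d, result: \"%s\"\n",
           copy_truncated(dst, sizeof dst, name), dst);
    return 0;
}
```

Any later `strlen`, `strcmp` or `%s` on the unterminated `strncpy` result reads past the end of the buffer, which is the class of defect static analyzers flag on `strncpy` calls.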