- cross-posted to:
- [email protected]
- [email protected]
- cross-posted to:
- [email protected]
- [email protected]
cross-posted from: https://lemmy.ml/post/2650558
Highlights:
More work on C2X features.
The strlcpy and strlcat functions have been added. They are derived from OpenBSD, and are expected to be added to a future POSIX version.
Support for x86_64 running on Hurd has been added.
CVE-2023-25139: When the printf family of functions is called with a format specifier that uses an (enable grouping) and a minimum width specifier, the resulting output could be larger than reasonably expected by a caller that computed a tight bound on the buffer size. The resulting larger than expected output could result in a buffer overflow in the printf family of functions.
Finally getting the strl family functions. It really shouldn’t have taken this long given how many problems are caused by strcat (or even strncat). Now getting people to use them is the next battle.