The man page of strncpy
states:
char *strncpy(char *dest, const char *src, size_t n);
The strcpy() and strncpy() functions return a pointer to the destination string dest.
Is it possible that strncpy(buff, "something", 9) == 0
be true if char buff[100]
?
UPDATE
I also consider it as not very probable but it's part of a program that I should make to bufferoverflow and this condition stays on my way to achieve this.
strncpy(NULL, "something", 0)
... – Alex Lop.NULL
pointer the function does not return 0. "If strDest or strSource is a NULL pointer, or if count is less than or equal to zero, the invalid parameter handler is invoked, as described in Parameter Validation. If execution is allowed to continue, these functions return -1 and set errno to EINVAL" (MSVC). – Weather VaneNULL
in some circumstances, then it should not beNULL
. – The Paramagnetic Croissantmmap()
withMAP_FIXED
, and somehowNULL
gets passed tommap
as the first parameter, you will find thatNULL
references valid memory. There are probably other memory-management functions that can do the same (althoughshmat()
seems immune to this type of abuse because of the way it's specified. See pubs.opengroup.org/onlinepubs/009695399/functions/shmat.html) – Andrew Henle