Skip to content

Fix bounded concatenation in char arrays#576

Open
Old-Ding wants to merge 1 commit into
ros2:rollingfrom
Old-Ding:codex/fix-char-array-strncat-bounds
Open

Fix bounded concatenation in char arrays#576
Old-Ding wants to merge 1 commit into
ros2:rollingfrom
Old-Ding:codex/fix-char-array-strncat-bounds

Conversation

@Old-Ding

Copy link
Copy Markdown

Summary

  • stop rcutils_char_array_strncat() at the source string terminator when it appears before n
  • calculate capacity and buffer_length from the bytes actually copied
  • reject destination length arithmetic overflow before resizing or copying

Testing

  • linked a focused C probe against origin/rolling: returned success with buffer_length=10 for a two-character source
  • linked the same probe against this change: returned success with buffer_length=7 and 123456
  • compiled src/char_array.c as C11 with Zig
  • git diff --check

rcutils_char_array_strncat copied exactly n bytes even when the source string ended earlier, reading and counting data past the terminator. Use the bounded source length for copying and reject destination length overflow.

Signed-off-by: Old-Ding <35417409+Old-Ding@users.noreply.github.com>
@mergify

mergify Bot commented Jul 11, 2026

Copy link
Copy Markdown

Tick the box to add this pull request to the merge queue (same as @mergifyio queue).

  • Queue this pull request

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant