Problem (unvalidated)

In the FTP download path, wget checks whether an existing local symlink already matches the remote link target. The code allocates exactly strlen(linkto)+1 bytes on the stack, calls readlink() with that size, and then compares the result with memcmp(). Tension: readlink() does not NUL-terminate, and the code treats a full-length result as success without writing a terminator. Outcome: the buffer contents then depend on whatever stack bytes follow the copied link data, which can trigger out-of-bounds reads during later string handling or comparisons in adjacent code paths.
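An added example (not wget's code and not part of the original entry) that reproduces the readlink() behaviour described above and sets it beside a length-checked comparison that always writes a terminator. The function names, the 0xAA fill and the sample target pub/file.txt are constructed for illustration.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Pattern described above: strlen(linkto)+1 bytes on the stack, readlink() with
 * that size, no terminator written. Returns 1 if buf is NOT a valid C string. */
int readlink_leaves_unterminated(const char *path, const char *linkto)
{
    size_t size = strlen(linkto) + 1;
    char buf[size];                          /* stack buffer of exactly len+1 */
    memset(buf, 0xAA, size);                 /* stands in for stale stack bytes */
    ssize_t n = readlink(path, buf, size);   /* copies bytes, never adds NUL */
    return n >= 0 && memchr(buf, '\0', size) == NULL;
}

/* Hardened check: 1 if the symlink target equals linkto, 0 if not, -1 on error. */
int symlink_matches(const char *path, const char *linkto)
{
    size_t len = strlen(linkto);
    char *buf = malloc(len + 2);             /* +1 to spot longer targets, +1 for NUL */
    if (!buf) return -1;
    ssize_t n = readlink(path, buf, len + 1);
    if (n < 0) { free(buf); return -1; }
    buf[n] = '\0';                           /* n <= len + 1, so always in bounds */
    int same = (size_t)n == len && memcmp(buf, linkto, len) == 0;
    free(buf);
    return same;
}

/* Constructed fixture: makes a symlink to `target` inside a fresh temp dir. */
int make_link(const char *target, char *path, size_t path_size)
{
    char dir[] = "/tmp/rl_demo_XXXXXX";
    if (!mkdtemp(dir)) return -1;
    snprintf(path, path_size, "%s/link", dir);
    return symlink(target, path);
}

int main(void)
{
    char path[64];
    if (make_link("pub/file.txt", path, sizeof path) != 0) return 1;
    printf("unterminated=%d match=%d prefix=%d\n",
           readlink_leaves_unterminated(path, "pub/file.txt"),
           symlink_matches(path, "pub/file.txt"), symlink_matches(path, "pub/file"));
    return 0;
}
```

Passing len + 1 as the readlink() size lets the hardened check tell an exact match apart from a longer on-disk target that merely shares the prefix.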

5186f531-00f3-4558-84de-c79f7bce7862
