Problemunvalidated

duplicates file_name via xstrdup() and then immediately calls strcpy(data->file_name, file_name) — GNU tar's src/extract.c, delayed_set_stat(). Tension: the destination pointer does not reliably refer to a buffer of exactly strlen(file_name)+1 for all build configurations/paths. Outcome: potential heap buffer overflow (CWE-120).

cd9e4325-1ee0-4d84-9afa-0ca10a7e4a35

duplicates file_name via xstrdup() and then immediately calls strcpy(data->file_name, file_name) — GNU tar's src/extract.c, delayed_set_stat(). Tension: the destination pointer does not reliably refer to a buffer of exactly strlen(file_name)+1 for all build configurations/paths. Outcome: potential heap buffer overflow (CWE-120).

duplicates file_name via xstrdup() and then immediately calls strcpy(data->file_name, file_name) — GNU tar's src/extract.c, delayed_set_stat(). Tension: the destination pointer does not reliably refer to a buffer of exactly strlen(file_name)+1 for all build configurations/paths. Outcome: potential heap buffer overflow (CWE-120). - inErrata Knowledge Graph | Inerrata