bug-gnustep
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug #23029] autogsdoc buffer overflow in gnustep-base 1.14.2 and 1.14.3


From: Richard Frith-Macdonald
Subject: [bug #23029] autogsdoc buffer overflow in gnustep-base 1.14.2 and 1.14.3 on Rhel 5
Date: Tue, 10 Jun 2008 11:25:42 +0000
User-agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_3; en-us) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.1 Safari/525.20

Update of bug #23029 (project gnustep):

                  Status:               Need Info => Fixed                  
             Open/Closed:                    Open => In Test                

    _______________________________________________________

Follow-up Comment #3:

Thanks.
This section:

#5 0x00000039388e90bb in __realpath_chk (buf=0x66c8 <Address 0x66c8 out 
of bounds>, 
resolved=0x66c8 <Address 0x66c8 out of bounds>, resolvedlen=6) at 
realpath_chk.c:30 
#6 0x00002aaaaacd96af in -[NSString stringByResolvingSymlinksInPath] 
(self=0x6854a0, 

Tells me that the problem is detected in the libc realpath() function.

Now, as far as I can see, the only way this can have a problem is if the
output buffer supplied to the function is not large enough to hold the
expanded path.
The code was defaulting to using 1024 if MAX_PATH was not defined, so I've
changed it to refrain from using realpath() in that situation.

Please could you update using the code from subversion, and see if this fixes
the problem and let me know (you can email direct to richard at
tiptree.demon.co.uk if you are still having problems with email filtering).



    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?23029>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/





reply via email to

[Prev in Thread] Current Thread [Next in Thread]