[bug #23029] autogsdoc buffer overflow in gnustep-base 1.14.2 and 1.14.3
From: Richard Frith-Macdonald
Subject: [bug #23029] autogsdoc buffer overflow in gnustep-base 1.14.2 and 1.14.3 on Rhel 5
Date: Tue, 10 Jun 2008 11:25:42 +0000
User-agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_3; en-us) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.1 Safari/525.20
Update of bug #23029 (project gnustep):
Status: Need Info => Fixed
Open/Closed: Open => In Test
_______________________________________________________
Follow-up Comment #3:
Thanks.
This section:
#5 0x00000039388e90bb in __realpath_chk (buf=0x66c8 <Address 0x66c8 out of bounds>,
   resolved=0x66c8 <Address 0x66c8 out of bounds>, resolvedlen=6) at realpath_chk.c:30
#6 0x00002aaaaacd96af in -[NSString stringByResolvingSymlinksInPath] (self=0x6854a0,
Tells me that the problem is detected in the libc realpath() function.
Now, as far as I can see, the only way this can have a problem is if the
output buffer supplied to the function is not large enough to hold the
expanded path.
The code was defaulting to using 1024 if MAX_PATH was not defined, so I've
changed it to refrain from using realpath() in that situation.
Please could you update using the code from subversion, and see if this fixes
the problem and let me know (you can email direct to richard at
tiptree.demon.co.uk if you are still having problems with email filtering).
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?23029>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
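
Added example, not code from gnustep-base or from the message above: a C sketch of sizing the realpath() output buffer so the libc check seen in the backtrace cannot fire. It assumes the platform limit macro is PATH_MAX from <limits.h> and a POSIX.1-2008 libc in which realpath(path, NULL) allocates the result (where the message's fix skips realpath() instead); resolve_symlinks and demo_symlink_resolution are hypothetical names.

```c
#define _XOPEN_SOURCE 700 /* POSIX.1-2008: realpath(), mkdtemp(), strdup() */
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper (not gnustep-base code): resolve symlinks in `path`.
 * Returns a malloc'd string the caller frees, or NULL with errno set. */
char *resolve_symlinks(const char *path)
{
#if defined(PATH_MAX)
    /* realpath() may write up to PATH_MAX bytes into the caller's buffer,
     * so the buffer must be that large; a guessed size can be too small. */
    char buf[PATH_MAX];
    if (realpath(path, buf) == NULL)
        return NULL;
    return strdup(buf);
#else
    /* Assumption: no compile-time limit, so let libc allocate the result. */
    return realpath(path, NULL);
#endif
}

/* Constructed self-check: create a symlink in a fresh temporary directory
 * and confirm it resolves to the same path as its target. Returns 0 on success. */
int demo_symlink_resolution(void)
{
    char dir[] = "/tmp/rpdemoXXXXXX";
    char target[64], lnk[64];
    int rc = -1;
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(lnk, sizeof lnk, "%s/link", dir);
    FILE *f = fopen(target, "w");
    if (f != NULL) {
        fclose(f);
        if (symlink(target, lnk) == 0) {
            char *a = resolve_symlinks(lnk), *b = resolve_symlinks(target);
            if (a != NULL && b != NULL && strcmp(a, b) == 0)
                rc = 0;
            free(a);
            free(b);
            unlink(lnk);
        }
        unlink(target);
    }
    rmdir(dir);
    return rc;
}

int main(void) { return demo_symlink_resolution() == 0 ? 0 : 1; }
```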