[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug #32122] unsufficient stack space for sprintf
|
From: |
Kees Cook |
|
Subject: |
[bug #32122] unsufficient stack space for sprintf |
|
Date: |
Thu, 13 Jan 2011 22:24:25 +0000 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:2.0b9) Gecko/20100101 Firefox/4.0b9 |
URL:
<http://savannah.gnu.org/bugs/?32122>
Summary: unsufficient stack space for sprintf
Project: texinfo - GNU documentation system
Submitted by: keescook
Submitted on: Thu 13 Jan 2011 10:24:24 PM GMT
Category: makeinfo
Release: 4.13a
Priority: 5 - Normal
Severity: 3 - Normal
Item Group: bug
Privacy: Public
Open/Closed: Open
Assigned to: None
Discussion Lock: Any
Status: None
_______________________________________________________
Details:
makeinfo/sectioning.c:
char s[1];
sprintf (s, "%c", numbers[0] + 64);
return xstrdup (s);
sprintf() above with write 2 bytes, even though s is only 1. Attached patch
fixes this and nearby overflow.
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?32122>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
- [bug #32122] unsufficient stack space for sprintf,
Kees Cook <=