[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Patch: buffer overflow in info in get_manpage_node()
From: |
James Chang |
Subject: |
Patch: buffer overflow in info in get_manpage_node() |
Date: |
Wed, 04 Mar 2015 11:28:55 -0800 |
User-agent: |
Mozilla/5.0 (X11; SunOS i86pc; rv:17.0) Gecko/20141217 Thunderbird/17.0.11 |
Hello texinfo team,
Here's an internal bug report we have at oracle:
During SST s12_066(RE) fuzz testing we've found that
# info <string > 1kB>/<name of valid man page>
dumps core with Segmentation Fault.
# info `perl -e 'print"a"x2000'`/man
Segmentation Fault (core dumped)
Patch:
--- texinfo-4.13/info/man.c Sat Jul 5 16:32:19 2008
+++ texinfo-4.13/info/man.c Tue Mar 3 15:02:03 2015
@@ -83,7 +83,7 @@
int hlen, plen;
char *old_contents = file_buffer->contents;
- sprintf (header, "\n\n%c\n%s %s, %s %s, %s (dir)\n\n",
+ snprintf (header, 1024, "\n\n%c\n%s %s, %s %s, %s (dir)\n\n",
INFO_COOKIE,
INFO_FILE_LABEL, file_buffer->filename,
INFO_NODE_LABEL, pagename,
Thanks,
James Chang
- Patch: buffer overflow in info in get_manpage_node(),
James Chang <=