Patch: buffer overflow in info in get_manpage

bug-texinfo

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Patch: buffer overflow in info in get_manpage_node()

From:	James Chang
Subject:	Patch: buffer overflow in info in get_manpage_node()
Date:	Wed, 04 Mar 2015 11:28:55 -0800
User-agent:	Mozilla/5.0 (X11; SunOS i86pc; rv:17.0) Gecko/20141217 Thunderbird/17.0.11

Hello texinfo team,

Here's an internal bug report we have at oracle:

During SST s12_066(RE) fuzz testing we've found that

  # info <string > 1kB>/<name of valid man page>

dumps core with Segmentation Fault.

# info `perl -e 'print"a"x2000'`/man
  Segmentation Fault (core dumped)


Patch:
--- texinfo-4.13/info/man.c     Sat Jul  5 16:32:19 2008
+++ texinfo-4.13/info/man.c     Tue Mar  3 15:02:03 2015
@@ -83,7 +83,7 @@
           int hlen, plen;
          char *old_contents = file_buffer->contents;

-          sprintf (header, "\n\n%c\n%s %s,  %s %s,  %s (dir)\n\n",
+          snprintf (header, 1024, "\n\n%c\n%s %s,  %s %s,  %s (dir)\n\n",
                    INFO_COOKIE,
                    INFO_FILE_LABEL, file_buffer->filename,
                    INFO_NODE_LABEL, pagename,

Thanks,

James Chang

[Prev in Thread]

Current Thread

[Next in Thread]

Patch: buffer overflow in info in get_manpage_node(), James Chang <=
- Re: Patch: buffer overflow in info in get_manpage_node(), Gavin Smith, 2015/03/06
  - Re: Patch: buffer overflow in info in get_manpage_node(), James Chang, 2015/03/06
  - Re: Patch: buffer overflow in info in get_manpage_node(), Patrice Dumas, 2015/03/07
    - Re: Patch: buffer overflow in info in get_manpage_node(), Karl Berry, 2015/03/08

Prev by Date: Re: Spurious diagnostics from texi2dvi -E
Next by Date: Re: Spurious diagnostics from texi2dvi -E
Previous by thread: Difference between PDF and html
Next by thread: Re: Patch: buffer overflow in info in get_manpage_node()
Index(es):
- Date
- Thread