[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Patch: buffer overflow in info in get_manpage_node()

From: James Chang
Subject: Patch: buffer overflow in info in get_manpage_node()
Date: Wed, 04 Mar 2015 11:28:55 -0800
User-agent: Mozilla/5.0 (X11; SunOS i86pc; rv:17.0) Gecko/20141217 Thunderbird/17.0.11

Hello texinfo team,

Here's an internal bug report we have at oracle:

During SST s12_066(RE) fuzz testing we've found that

  # info <string > 1kB>/<name of valid man page>

dumps core with Segmentation Fault.

# info `perl -e 'print"a"x2000'`/man
  Segmentation Fault (core dumped)

--- texinfo-4.13/info/man.c     Sat Jul  5 16:32:19 2008
+++ texinfo-4.13/info/man.c     Tue Mar  3 15:02:03 2015
@@ -83,7 +83,7 @@
           int hlen, plen;
          char *old_contents = file_buffer->contents;

-          sprintf (header, "\n\n%c\n%s %s,  %s %s,  %s (dir)\n\n",
+          snprintf (header, 1024, "\n\n%c\n%s %s,  %s %s,  %s (dir)\n\n",
                    INFO_FILE_LABEL, file_buffer->filename,
                    INFO_NODE_LABEL, pagename,


James Chang

reply via email to

[Prev in Thread] Current Thread [Next in Thread]