bug#7213: [PATCH] sort: fix buffer overrun on 32-bit hosts when warning re obsolete keys
Thu, 14 Oct 2010 11:27:24 +0100
Ah, I wasn't aware anytostr put the numbers at the end of the buffer.
That's confirmed by replacing the tmp buffer with one on the heap:
$ valgrind ./src/sort --debug +0 -1 /dev/null
==25943== Memcheck, a memory error detector.
==25943== Invalid write of size 1
==25943== at 0x8051F25: umaxtostr (anytostr.c:34)
==25943== by 0x8050D95: main (sort.c:2336)
==25943== Address 0x4026f64 is 9 bytes after a block of size 11 alloc'd
On 14/10/10 08:12, Paul Eggert wrote:
> * src/sort.c (key_warnings): Local buffer should be of size
> INT_BUFSIZE_BOUND (uintmax_t), not INT_BUFSIZE_BOUND (sword).
> This bug was discovered by running 'make check' on a 32-bit
> Solaris 8 sparc host, using Sun cc.
So the test failed due to buffer overrun side effects?
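
The behaviour discussed in this thread, as an added example that is not part of the original messages or of the coreutils/gnulib sources: a umaxtostr-style conversion writes its terminating NUL at a fixed offset derived from uintmax_t, whatever the value, so a buffer sized for a 32-bit type is overrun even when printing 0. The demo_* names and macros are hypothetical, uint32_t stands in for the 32-bit type of sword, and uintmax_t is assumed to be 64 bits.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Decimal digits needed for an unsigned type; 146/485 slightly
   over-approximates log10(2).  Demo macros, not gnulib's own. */
#define DEMO_STRLEN_BOUND(t)  (sizeof (t) * 8 * 146 / 485 + 1)
#define DEMO_BUFSIZE_BOUND(t) (DEMO_STRLEN_BOUND (t) + 1)

/* Offset of the first byte written (the NUL); independent of the value. */
size_t demo_nul_offset (void) { return DEMO_STRLEN_BOUND (uintmax_t); }

/* How many bytes after the end of a bufsize-byte block that first
   write lands (valgrind's "N bytes after"), or -1 if it is in bounds. */
long demo_overrun (size_t bufsize)
{
  size_t off = demo_nul_offset ();
  return off < bufsize ? -1 : (long) (off - bufsize);
}

/* Right-to-left conversion with an explicit size check (an assumption of
   this demo): returns NULL instead of writing outside a short buffer. */
char *demo_umaxtostr (uintmax_t i, char *buf, size_t bufsize)
{
  if (bufsize < DEMO_BUFSIZE_BOUND (uintmax_t))
    return NULL;
  char *p = buf + DEMO_STRLEN_BOUND (uintmax_t);
  *p = '\0';
  do
    *--p = (char) ('0' + i % 10);
  while ((i /= 10) != 0);
  return p;   /* points into the tail of buf, not at buf itself */
}

int main (void)
{
  char ok[DEMO_BUFSIZE_BOUND (uintmax_t)];
  printf ("NUL written at offset %zu\n", demo_nul_offset ());
  printf ("buffer sized for 32-bit type: %ld bytes after the block\n",
          demo_overrun (DEMO_BUFSIZE_BOUND (uint32_t)));
  printf ("buffer sized for uintmax_t: \"%s\"\n",
          demo_umaxtostr (0, ok, sizeof ok));
  return 0;
}
```

With an 11-byte buffer the computed distance matches the "9 bytes after a block of size 11" in the valgrind output above.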