[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#8683: printf out-of-bounds memory access

From: Paul Marinescu
Subject: bug#8683: printf out-of-bounds memory access
Date: Tue, 17 May 2011 16:31:40 +0100
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv: Gecko/20101208 Thunderbird/3.1.7

In coreutils 8.12 (latest), printf can make an out-of-bounds access when an integer argument consists only of a single or double quote.

The printf spec mentions that an integer argument consisting of a single/double quote followed by a character is interpreted as the ASCII value of that character. However, when the quote is alone, the code in the STRTOX macro (printf.c:171) goes beyond the buffer associated with the argument.

Possible fix: report an error at printf.c:166 if ch is 0.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]