[Freeipmi-devel] [bug #38866] buffer overrun in _output_date() from sel/


From: Rob Swindell
Subject: [Freeipmi-devel] [bug #38866] buffer overrun in _output_date() from sel/ipmi-sel-string.c:675
Date: Thu, 02 May 2013 02:02:41 +0000
User-agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; InfoPath.3; .NET4.0E)

URL:
  <http://savannah.gnu.org/bugs/?38866>

                 Summary: buffer overrun in _output_date() from sel/ipmi-sel-string.c:675
                 Project: GNU FreeIPMI
            Submitted by: rswindell
            Submitted on: Thu 02 May 2013 02:02:39 AM GMT
                Category: ipmi-sel
                Severity: 3 - Normal
                Priority: 5 - Normal
              Item Group: Crash
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
        Operating System: GNU/Linux

    _______________________________________________________

Details:

call-stack trace:

#0  0x00007f16d3e18425 in raise () from /lib/x86_64-linux-gnu/libc.so.6
#1  0x00007f16d3e1bb8b in abort () from /lib/x86_64-linux-gnu/libc.so.6
#2  0x00007f16d3e5639e in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#3  0x00007f16d3eec807 in __fortify_fail () from
/lib/x86_64-linux-gnu/libc.so.6
#4  0x00007f16d3eeb700 in __chk_fail () from /lib/x86_64-linux-gnu/libc.so.6
#5  0x00007f16d43a52c2 in memset (__len=257, __ch=0, __dest=0x7fff37f97ce0) at
/usr/include/x86_64-linux-gnu/bits/string3.h:85
#6  _output_date (wlen=0x7fff37f97cd0, flags=22, buflen=4096,
buf=0x7fff37f97eb0 "", sel_record_type=<optimized out>,
sel_entry=0x7fff37f97df0, ctx=0x139b1d0) at sel/ipmi-sel-string.c:675
#7  sel_format_record_string (ctx=0x139b1d0, fmt=0x42797e "d",
sel_record=<optimized out>, sel_record_len=<optimized out>, buf=0x7fff37f97eb0
"", buflen=4096, flags=22) at sel/ipmi-sel-string.c:3443
#8  0x00007f16d439d5cf in ipmi_sel_parse_read_record_string (ctx=0x139b1d0,
fmt=0x42797d "%d", sel_record=<optimized out>, sel_record_len=<optimized out>,
buf=<optimized out>, buflen=<optimized out>,
    flags=22) at sel/ipmi-sel.c:2059
#9  0x00000000004057be in _normal_output_date (state_data=0x7fff37f9c0c0,
flags=<optimized out>) at ipmi-sel.c:771
#10 0x0000000000406824 in _normal_output (state_data=0x7fff37f9c0c0,
record_type=<optimized out>) at ipmi-sel.c:1260
#11 0x00000000004072b5 in _sel_parse_callback (ctx=<optimized out>,
callback_data=0x7fff37f9c0c0) at ipmi-sel.c:1622
#12 0x00007f16d439ec35 in ipmi_sel_parse (ctx=0x139b1d0, record_id_start=0,
record_id_last=65535, callback=0x406f80 <_sel_parse_callback>,
callback_data=0x7fff37f9c0c0) at sel/ipmi-sel.c:1099
#13 0x0000000000405379 in _display_sel_records (state_data=0x7fff37f9c0c0) at
ipmi-sel.c:2100

You can't memset (tmpbuf, '\0', SEL_BUFFER_LENGTH + 1) when tmpbuf is only
SEL_BUFFER_LENGTH bytes in length.

-Rob




    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?38866>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/
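
Added example, not part of the original report and not FreeIPMI code: frames #3 to #5 show glibc's fortified memset aborting, and the sketch below models that length check and two ways to make the length and the declaration agree. The value 256 for SEL_BUFFER_LENGTH is an assumption inferred from __len=257 in frame #5, and the function names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumption: 256, inferred from __len=257 in frame #5 of the trace. */
#define SEL_BUFFER_LENGTH 256

/* Models the check behind a fortified memset (glibc's __memset_chk): refuse
 * a write longer than the destination object. glibc aborts via __chk_fail();
 * this sketch returns -1 instead so the outcome can be inspected. */
static int memset_checked(void *dest, int ch, size_t len, size_t destlen)
{
    if (len > destlen)
        return -1;              /* fortified build: __chk_fail() -> abort() */
    memset(dest, ch, len);
    return 0;
}

/* Reported pattern: the length is written independently of the declaration. */
int clear_reported(void)
{
    char tmpbuf[SEL_BUFFER_LENGTH];
    return memset_checked(tmpbuf, '\0', SEL_BUFFER_LENGTH + 1, sizeof(tmpbuf));
}

/* Option 1: derive the length from the object itself. */
int clear_sizeof(void)
{
    char tmpbuf[SEL_BUFFER_LENGTH];
    return memset_checked(tmpbuf, '\0', sizeof(tmpbuf), sizeof(tmpbuf));
}

/* Option 2: if the +1 is meant for a terminating NUL, declare room for it. */
int clear_with_nul_room(void)
{
    char tmpbuf[SEL_BUFFER_LENGTH + 1];
    return memset_checked(tmpbuf, '\0', SEL_BUFFER_LENGTH + 1, sizeof(tmpbuf));
}

int main(void)
{
    printf("reported pattern : %d\n", clear_reported());
    printf("sizeof(tmpbuf)   : %d\n", clear_sizeof());
    printf("buffer of LEN + 1: %d\n", clear_with_nul_room());
    return 0;
}
```

Without fortification the reported pattern writes one zero byte past the end of the stack buffer instead of aborting.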



