From: Paul Marinescu
Subject: bug#8683: printf out-of-bounds memory access
Date: Tue, 17 May 2011 16:31:40 +0100
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101208 Thunderbird/3.1.7

The printf spec mentions that an integer argument consisting of a single/double quote followed by a character is interpreted as the ASCII value of that character. However, when the quote is alone, the code in the STRTOX macro (printf.c:171) goes beyond the buffer associated with the argument.

Possible fix: report an error at printf.c:166 if ch is 0.

Paul
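
An added example, not part of the original message and not the coreutils source: a stand-alone C sketch of the quote-character operand parsing the report describes, including the check for a NUL right after the quote that the report proposes. The function name and status codes are hypothetical, and handling numeric operands with strtol is an assumption made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical status codes for this sketch (not coreutils names). */
enum arg_status { ARG_OK, ARG_TRAILING, ARG_EMPTY_QUOTE, ARG_BAD_NUMBER };

/* Parse a printf-style integer operand.  "'c" or "\"c" yields the value
   of character c; anything else goes through strtol.  Each byte is read
   only after the previous byte is known not to be the terminating NUL. */
static enum arg_status
parse_int_operand (const char *s, long *val)
{
  if (*s == '"' || *s == '\'')
    {
      /* s[1] is readable: s[0] was a quote, so it was not the NUL. */
      unsigned char ch = (unsigned char) s[1];
      if (ch == 0)
        return ARG_EMPTY_QUOTE;  /* lone quote: s[2] lies past the buffer */
      *val = ch;
      /* s[2] is readable only because s[1] was not the NUL. */
      return s[2] != 0 ? ARG_TRAILING : ARG_OK;
    }

  char *end;
  errno = 0;
  long n = strtol (s, &end, 0);
  if (end == s || errno == ERANGE)
    return ARG_BAD_NUMBER;
  *val = n;
  return *end != 0 ? ARG_TRAILING : ARG_OK;
}

int
main (void)
{
  /* Constructed sample operands, including the lone-quote cases. */
  const char *samples[] = { "'A", "\"a", "'AB", "'", "\"", "42", "x" };
  for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
    {
      long v = 0;
      enum arg_status st = parse_int_operand (samples[i], &v);
      printf ("%-4s -> status %d, value %ld\n", samples[i], (int) st, v);
    }
  return 0;
}
```

Building this with -fsanitize=address and removing the `ch == 0` return makes the read of s[2] on a lone quote visible as an out-of-bounds access when the operand sits in an exactly sized heap buffer.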