[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug #51841] find buffer-overflow with -printf '%T+'

From: Kamil Dudka
Subject: [bug #51841] find buffer-overflow with -printf '%T+'
Date: Fri, 25 Aug 2017 07:01:53 -0400 (EDT)
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:55.0) Gecko/20100101 Firefox/55.0

Follow-up Comment #1, bug #51841 (project findutils):

I think that both the bug and the fix are obvious.  After the mentioned
the code writes 12 bytes into a stack-allocated array of size 6 bytes:

  char fmt[6];

  // [...]

  /* Format the main part of the time. */
  if (kind == '+')
      /* Avoid %F, some Unix versions lack it.  For example:
         HP Tru64 UNIX V5.1B (Rev. 2650); Wed Feb 17 22:59:59 CST 2016
         Also, some older HP-UX versions expand %F as the full month (like
         Reported by Steven M. Schweda <address@hidden> */
      strcpy (fmt, "%Y-%m-%d+%T");

I believe that increasing size of the fmt array to 12 bytes will fix the bug.


Reply to this item at:


  Message sent via/by Savannah

reply via email to

[Prev in Thread] Current Thread [Next in Thread]