[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug #32122] unsufficient stack space for sprintf

From: Kees Cook
Subject: [bug #32122] unsufficient stack space for sprintf
Date: Thu, 13 Jan 2011 22:24:25 +0000
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:2.0b9) Gecko/20100101 Firefox/4.0b9


                 Summary: unsufficient stack space for sprintf
                 Project: texinfo - GNU documentation system
            Submitted by: keescook
            Submitted on: Thu 13 Jan 2011 10:24:24 PM GMT
                Category: makeinfo
                 Release: 4.13a
                Priority: 5 - Normal
                Severity: 3 - Normal
              Item Group: bug
                 Privacy: Public
             Open/Closed: Open
             Assigned to: None
         Discussion Lock: Any
                  Status: None




       char s[1];
       sprintf (s, "%c", numbers[0] + 64);
       return xstrdup (s);

sprintf() above with write 2 bytes, even though s is only 1. Attached patch
fixes this and nearby overflow.


Reply to this item at:


  Message sent via/by Savannah

reply via email to

[Prev in Thread] Current Thread [Next in Thread]