Re: [fluid-dev] Bug Report: -an overflow

From: Ebrahim Mayat
Subject: Re: [fluid-dev] Bug Report: -an overflow
Date: Wed, 9 Feb 2005 15:40:21 +0200

On Mon, 2005-02-07 at 18:07 +0100, Axioplase wrote:
> fluidsynth can be exploited through an overflow when passing an argument to the "-a" option.


I tried this on OS X and I also get a seg fault.

% uname -a
Darwin MolGraphics.local 7.7.0 Darwin Kernel Version 7.7.0: Sun Nov 7 16:06:51 PST 2004; root:xnu/xnu-517.9.5.obj~1/RELEASE_PPC Power Macintosh powerpc

% fluidsynth -a `perl -e 'print "A"x500'`
Segmentation fault

On Feb 9, 2005, at 10:00 AM, Josh Green wrote:

> Looks like it's a problem with a static error buffer which is 512 bytes. FluidSynth is trying to tell you it couldn't find a driver by that name
> (500 'A's) using vsprintf on the static buffer. I was tempted to just stick vsnprintf in there instead to limit the max length of error
> output, but then recalled that this function might not be available on all platforms. Can anyone confirm or deny this for platforms other than
> Linux? (Windows and Mac OS X in particular).

Both vsprintf and vsnprintf can be called on OS X.

% grep vsprintf /usr/include/*.h
/usr/include/stdio.h:int vsprintf(char *, const char *, _BSD_VA_LIST_);

% grep vsnprintf /usr/include/*.h
/usr/include/stdio.h:int vsnprintf(char *, size_t, const char *, _BSD_VA_LIST_);
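
An added example, not part of either message and not FluidSynth's own code: a bounded error formatter over a 512-byte static buffer, showing the vsnprintf replacement discussed above and how to detect truncation. The names `log_error`, `last_error`, `ERRBUF_SIZE` and the message text are hypothetical, and C99 vsnprintf return semantics are assumed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define ERRBUF_SIZE 512            /* buffer size given in the thread */

static char errbuf[ERRBUF_SIZE];   /* hypothetical stand-in for the static error buffer */

/* Format into errbuf without ever writing past its end.
 * Returns 0 if the message fit, 1 if it was truncated, -1 on a format error.
 * Assumes C99 semantics: vsnprintf returns the length it WOULD have written
 * and always NUL-terminates when the size argument is non-zero. */
int log_error(const char *fmt, ...)
{
    va_list args;
    int needed;

    va_start(args, fmt);
    needed = vsnprintf(errbuf, sizeof errbuf, fmt, args);
    va_end(args);

    if (needed < 0) {              /* encoding/format failure */
        errbuf[0] = '\0';
        return -1;
    }
    if ((size_t)needed >= sizeof errbuf) {
        /* Message was cut; overwrite the tail so the cut is visible in logs. */
        memcpy(errbuf + sizeof errbuf - 4, "...", 4);
        return 1;
    }
    return 0;
}

const char *last_error(void) { return errbuf; }

int main(void)
{
    char name[501];                /* constructed input: 500 'A's, as in the report */
    memset(name, 'A', 500);
    name[500] = '\0';

    int rc = log_error("Couldn't find the requested audio driver '%s'", name);
    printf("truncated=%d stored=%zu bytes\n", rc, strlen(last_error()));
    return 0;
}
```

On platforms whose vsnprintf predates C99 and returns -1 on truncation, this function reports the oversized message as an error instead of as truncated; the buffer is still never overrun.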
