|Subject:||Re: [fluid-dev] Bug Report: -an overflow|
|Date:||Wed, 9 Feb 2005 15:40:21 +0200|
fluidsynth can be exploited through an overflow when passing an argument to the "-a" option.
Looks like its a problem with a static error buffer which is 512 bytes. FluidSynth is trying to tell you it couldn't find a driver by that name
(500 'A's) using vsprintf on the static buffer. I was tempted to just stick vsnprintf in there instead to limit the max length of error
output, but then recalled that this function might not be available on all platforms. Can anyone confirm or deny this for platforms other than
Linux? (Windows and Mac OS X in particular).
|[Prev in Thread]||Current Thread||[Next in Thread]|