[PD-dev] [ pure-data-Patches-1848295 ] Fix small potential stack overflow
SourceForge.net
noreply at sourceforge.net
Tue Dec 11 03:36:24 CET 2007
Patches item #1848295, was opened at 2007-12-10 18:53
Message generated for change (Comment added) made by russellbryant
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=478072&aid=1848295&group_id=55736
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: puredata
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Russell Bryant (russellbryant)
Assigned to: Nobody/Anonymous (nobody)
Summary: Fix small potential stack overflow
Initial Comment:
Attached is a patch to fix another potential stack buffer overflow in s_main.c. I didn't send this over in private because I don't think it can be exploited in any useful way, so it's just a small bug.
----------------------------------------------------------------------
>Comment By: Russell Bryant (russellbryant)
Date: 2007-12-10 20:36
Message:
Logged In: YES
user_id=1942915
Originator: YES
File Added: filename_overflow.patch2.txt
----------------------------------------------------------------------
Comment By: Hans-Christoph Steiner (eighthave)
Date: 2007-12-10 19:18
Message:
Logged In: YES
user_id=27104
Originator: NO
I am guessing there is a typo in that patch, since the new line also uses
sprintf() instead of snprintf():
- sprintf(filename, "%s.dll", sys_externalschedlibname);
+ sprintf(filename, sizeof(filename), "%s.dll",
sys_externalschedlibname);
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=478072&aid=1848295&group_id=55736
More information about the Pd-dev
mailing list