[PD-dev] [ pure-data-Patches-1848295 ] Fix small potential stack overflow
SourceForge.net
noreply at sourceforge.net
Wed Dec 19 14:06:08 CET 2007
Patches item #1848295, was opened at 2007-12-11 01:53
Message generated for change (Settings changed) made by zmoelnig
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=478072&aid=1848295&group_id=55736
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: puredata
>Group: bugfix
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Russell Bryant (russellbryant)
>Assigned to: Miller Puckette (millerpuckette)
Summary: Fix small potential stack overflow
Initial Comment:
Attached is a patch to fix another potential stack buffer overflow in s_main.c. I didn't send this over in private because I don't think it can be exploited in any useful way, so it's just a small bug.
----------------------------------------------------------------------
Comment By: Russell Bryant (russellbryant)
Date: 2007-12-11 03:41
Message:
Logged In: YES
user_id=1942915
Originator: YES
Also, let me just clarify my original summary just a little bit.
You can cause the overrun of the buffer by providing a really long input
string to the -schedlib command line option. It's just not exploitable in
such a way that it would be considered a security issue.
----------------------------------------------------------------------
Comment By: Russell Bryant (russellbryant)
Date: 2007-12-11 03:38
Message:
Logged In: YES
user_id=1942915
Originator: YES
I'm sorry for the stupid typo. That code is actually only compiled in for
a Windows build (whenever MSW is defined), so I didn't notice.
----------------------------------------------------------------------
Comment By: Russell Bryant (russellbryant)
Date: 2007-12-11 03:36
Message:
Logged In: YES
user_id=1942915
Originator: YES
File Added: filename_overflow.patch2.txt
----------------------------------------------------------------------
Comment By: Hans-Christoph Steiner (eighthave)
Date: 2007-12-11 02:18
Message:
Logged In: YES
user_id=27104
Originator: NO
I am guessing there is a typo in that patch, since the new line also uses
sprintf() instead of snprintf():
- sprintf(filename, "%s.dll", sys_externalschedlibname);
+ sprintf(filename, sizeof(filename), "%s.dll",
sys_externalschedlibname);
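Review bot: The `+` line still calls sprintf(), now with sizeof(filename) as its second argument, so the size lands where the format string belongs and the write into filename stays unbounded. It should read snprintf(filename, sizeof(filename), "%s.dll", sys_externalschedlibname). It is also worth checking the return value and rejecting a -schedlib name that does not fit, rather than going on with a silently truncated filename. Because this code is built only when MSW is defined, confirm that the snprintf used in that build NUL-terminates on truncation; MSVC's _snprintf does not.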
----------------------------------------------------------------------