[PD-dev] [ pure-data-Patches-1848295 ] Fix small potential stack overflow

SourceForge.net noreply at sourceforge.net
Wed Jan 16 15:45:36 CET 2008


Patches item #1848295, was opened at 2007-12-11 01:53
Message generated for change (Settings changed) made by zmoelnig
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=478072&aid=1848295&group_id=55736

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: puredata
Group: bugfix
>Status: Pending
Resolution: None
Priority: 5
Private: No
Submitted By: Russell Bryant (russellbryant)
Assigned to: Miller Puckette (millerpuckette)
Summary: Fix small potential stack overflow

Initial Comment:
Attached is a patch to fix another potential stack buffer overflow in s_main.c.  I didn't send this over in private because I don't think it can be exploited in any useful way, so it's just a small bug.

----------------------------------------------------------------------

Comment By: Miller Puckette (millerpuckette)
Date: 2008-01-14 19:45

Message:
Logged In: YES 
user_id=313747
Originator: NO

taken.


----------------------------------------------------------------------

Comment By: Hans-Christoph Steiner (eighthave)
Date: 2007-12-26 22:45

Message:
Logged In: YES 
user_id=27104
Originator: NO

checked into branch-v0-40-extended

----------------------------------------------------------------------

Comment By: Russell Bryant (russellbryant)
Date: 2007-12-11 03:41

Message:
Logged In: YES 
user_id=1942915
Originator: YES

Also, let me just clarify my original summary just a little bit.

You can cause the overrun of the buffer by providing a really long input
string to the -schedlib command line option.  It's just not exploitable in
such a way that it would be considered a security issue.
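
A bounded version of the file name construction discussed in this thread, as an added example (not code from the patch or from Pd). The helper name and the 64-byte buffer size are assumptions; the page does not show the real size of the buffer in s_main.c.

```c
#include <stdio.h>
#include <string.h>

/* Assumed size for illustration; the real buffer size is not shown on the page. */
#define FILENAME_SIZE 64

/* Hypothetical helper: build "<libname><ext>" into dst.
   Returns 0 on success, -1 if the result would not fit. On failure dst is
   emptied so a truncated name is never handed on to the library loader. */
int build_schedlib_filename(char *dst, size_t dstsize,
                            const char *libname, const char *ext)
{
    int n;

    if (dst == NULL || dstsize == 0 || libname == NULL || ext == NULL)
        return -1;
    /* snprintf writes at most dstsize bytes, terminating NUL included, and
       returns the length the complete string would have had. */
    n = snprintf(dst, dstsize, "%s%s", libname, ext);
    if (n < 0 || (size_t)n >= dstsize) {
        dst[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char filename[FILENAME_SIZE];
    char longname[4 * FILENAME_SIZE];

    /* Constructed inputs: a normal name and an over-long -schedlib value. */
    memset(longname, 'A', sizeof(longname) - 1);
    longname[sizeof(longname) - 1] = '\0';

    if (build_schedlib_filename(filename, sizeof(filename), "mysched", ".dll") == 0)
        printf("ok: %s\n", filename);
    if (build_schedlib_filename(filename, sizeof(filename), longname, ".dll") != 0)
        printf("rejected: name too long for %zu-byte buffer\n", sizeof(filename));
    return 0;
}
```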

----------------------------------------------------------------------

Comment By: Russell Bryant (russellbryant)
Date: 2007-12-11 03:38

Message:
Logged In: YES 
user_id=1942915
Originator: YES

I'm sorry for the stupid typo.  That code is actually only compiled in for
a Windows build (whenever MSW is defined), so I didn't notice.

----------------------------------------------------------------------

Comment By: Russell Bryant (russellbryant)
Date: 2007-12-11 03:36

Message:
Logged In: YES 
user_id=1942915
Originator: YES

File Added: filename_overflow.patch2.txt

----------------------------------------------------------------------

Comment By: Hans-Christoph Steiner (eighthave)
Date: 2007-12-11 02:18

Message:
Logged In: YES 
user_id=27104
Originator: NO

I am guessing there is a typo in that patch, since the new line also uses
sprintf() instead of snprintf():

-        sprintf(filename, "%s.dll", sys_externalschedlibname);
+        sprintf(filename, sizeof(filename), "%s.dll",
sys_externalschedlibname);
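
Review bot: the `+` line still calls sprintf(), so sizeof(filename) lands where the format string is expected and nothing bounds the write into filename; it should read snprintf(filename, sizeof(filename), "%s.dll", sys_externalschedlibname). It is also worth checking the return value there: a result of sizeof(filename) or more means the name was truncated, and the code should reject it rather than carry on with a cut-off file name.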

----------------------------------------------------------------------
