[PD-dev] [ pure-data-Bugs-2838114 ] zexy fwriteln buffer overflow
SourceForge.net
noreply at sourceforge.net
Sat Aug 15 12:33:59 CEST 2009
Bugs item #2838114, was opened at 2009-08-15 10:33
Message generated for change (Tracker Item Submitted) made by claudiusmaximus
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=478070&aid=2838114&group_id=55736
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: externals
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: ClaudiusMaximus (claudiusmaximus)
Assigned to: Nobody/Anonymous (nobody)
Summary: zexy fwriteln buffer overflow
Initial Comment:
The buffer for the prefix is too small.
gcc -I. -DHAVE_CONFIG_H -DZEXY_LIBRARY -DPD -I/usr/src/pd/src -g -O2 -g -Wall -O2 -mms-bitfields -fPIC -mfpmath=sse -msse -g -O2 -g -Wall -O2 -c -o fwriteln.o fwriteln.c
In file included from /usr/include/string.h:640,
from fwriteln.c:26:
In function 'strcpy',
inlined from 'fwriteln_new' at fwriteln.c:233:
/usr/include/bits/string3.h:106: warning: call to __builtin___strcpy_chk will always overflow destination buffer
In function 'strcpy',
inlined from 'fwriteln_new' at fwriteln.c:236:
/usr/include/bits/string3.h:106: warning: call to __builtin___strcpy_chk will always overflow destination buffer
Line 195: char prefix[2]="%";
Line 233: strcpy(prefix,"%-");
Line 236: strcpy(prefix,"%+");
The strcpy will copy an additional '\0' byte which will overflow the buffer.
Suggested fix: increase the prefix buffer size
----------------------------------------------------------------------
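The sizing problem in the report, as an added example that is not part of the original message or of zexy's code: "%-" and "%+" each need three bytes once the terminating '\0' is counted, so a bounded copy rejects them for a two-byte buffer and accepts them for a three-byte one. The names `cstr_storage`, `copy_prefix`, `choose_prefix` and `enum sign_mode` are hypothetical stand-ins for the branches at lines 233 and 236.

```c
#include <stdio.h>
#include <string.h>

/* Bytes needed to store s as a C string: its characters plus the '\0'. */
static size_t cstr_storage(const char *s) { return strlen(s) + 1; }

/* Bounded replacement for strcpy(dst, src). Copies only when src and its
 * terminator fit in dstsz bytes; otherwise leaves dst untouched, returns -1. */
static int copy_prefix(char *dst, size_t dstsz, const char *src)
{
    size_t need;
    if (dst == NULL || src == NULL || dstsz == 0)
        return -1;
    need = cstr_storage(src);
    if (need > dstsz)
        return -1;
    memcpy(dst, src, need);
    return 0;
}

/* Hypothetical selector (assumption, not zexy's API) for the three prefixes. */
enum sign_mode { SIGN_NONE, SIGN_LEFT, SIGN_PLUS };

static int choose_prefix(char *dst, size_t dstsz, enum sign_mode m)
{
    switch (m) {
    case SIGN_LEFT: return copy_prefix(dst, dstsz, "%-");
    case SIGN_PLUS: return copy_prefix(dst, dstsz, "%+");
    default:        return copy_prefix(dst, dstsz, "%");
    }
}

int main(void)
{
    char small[2] = "%";   /* size from the report: room for "%" only */
    char fixed[3] = "%";   /* room for "%-" or "%+" plus the terminator */

    printf("\"%%-\" needs %zu bytes\n", cstr_storage("%-"));
    printf("2-byte buffer: rc=%d, prefix stays \"%s\"\n",
           choose_prefix(small, sizeof small, SIGN_LEFT), small);
    printf("3-byte buffer: rc=%d, prefix is \"%s\"\n",
           choose_prefix(fixed, sizeof fixed, SIGN_PLUS), fixed);
    return 0;
}
```

Passing `sizeof` of the destination array at the call site keeps the bound tied to the declaration, so a later change to the buffer size cannot silently reintroduce the overflow.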