This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

format string vulnerabilities in c++filt

From: "Chris Rohlf" <chris dot rohlf at gmail dot com>
To: binutils at sourceware dot org
Date: Thu, 22 Nov 2007 12:39:09 -0500
Subject: format string vulnerabilities in c++filt

Hi,

There are two format string vulnerabilities in c++filt program of binutils.

Line 66
printf (mangled_name);

and line 71
printf (result);

These are easily demonstrated by running c++filt on a symbol with the
correct format specifiers:

$./c++filt AAA%x.AAA%x.AAA%x.AAA%x.AAA
AAAb.AAA804be40.AAA0.AAAbfbe82d0.AAA

Thanks!

chris
http://em386.blogspot.com

Follow-Ups:
- Re: format string vulnerabilities in c++filt
  - From: Alan Modra

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]