Sourceware Bugzilla – Attachment 6078 Details for
Bug 13446
crash in vfprintf with more than 64 format args and format specifiers (CVE-2012-3405)
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch
glibc-2.14-32args-printf.patch (text/plain), 967 bytes, created by
Rich Coe
on 2011-11-29 03:39:22 UTC
(
hide
)
Description:
patch
Filename:
MIME Type:
Creator:
Rich Coe
Created:
2011-11-29 03:39:22 UTC
Size:
967 bytes
patch
obsolete
># patch to fix printf when register_printf_function is in use and the format to ># printf contains more than 64 elements. ># ># extend_alloca modifies nspecs_max (2nd arg) with the size of the space, not the ># number of elements. Use a temporary to store the return value. Explicitly set the correct size. ># ># bnc#733140 ># ># Rich Coe (rcoe@wi.rr.com) ># >--- stdio-common/vfprintf.c.orig 2011-11-28 11:53:32.937976831 -0600 >+++ stdio-common/vfprintf.c 2011-11-28 16:07:35.546839533 -0600 >@@ -1683,8 +1683,10 @@ do_positional: > { > /* Extend the array of format specifiers. */ > struct printf_spec *old = specs; >- specs = extend_alloca (specs, nspecs_max, >+ size_t nsize = nspecs_max; >+ specs = extend_alloca (specs, nsize, > 2 * nspecs_max * sizeof (*specs)); >+ nspecs_max = 2 * nspecs_max; > > /* Copy the old array's elements to the new space. */ > memmove (specs, old, nspecs * sizeof (struct printf_spec));
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=6078">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 13446
:
6077
| 6078