This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: [PATCH] vfprint: validate nargs and argument-based offsets


> The nargs value can overflow when doing allocations, and argument-based
> offsets are not bounds-checked, allowing arbitrary memory writes via
> format strings, bypassing _FORTIFY_SOURCE protections:
> http://www.phrack.org/issues.html?issue=67&id=9
> 
> This checks for nargs overflow and validates argument-based array offsets.

Seems like a good candidate for adding a test case that demonstrates the
problems.

> +    /* Check for potential integer overflow. */
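Review bot: The comment on this added line does not say which computation can overflow. The patch description says it is nargs when doing allocations, so the comment could name that quantity (for example, "Check that the allocation size derived from nargs cannot overflow") rather than leaving the reader to infer it from the code that follows.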

Two spaces after a period (here and below).


Thanks,
Roland

