This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH] vfprint: validate nargs and argument-based offsets
On Thu, Feb 02, 2012 at 12:03:58PM -0600, Ryan S. Arnold wrote:
> On Thu, Feb 2, 2012 at 10:04 AM, Kees Cook <kees@outflux.net> wrote:
> > 2012-02-02 ?Kees Cook ?<keescook@chromium.org>
> >
> > ? ? ? ?* stdio-common/vfprintf.c (vfprintf): Checks for nargs overflow and
> > ? ? ? ?validates argument-based array offsets.
> > ? ? ? ?* stdio-common/tst-vfprintf-nargs.c: New file.
> > ? ? ? ?* stdio-common/Makefile (tests): Add nargs overflow test.
>
> Hi Kees, Thanks for the contribution.
Sure thing! Thanks for the reviews (and from Roland)!
> The addition of the tst-vfprintf-nargs file makes this contribution
> legally significant. Please verify your FSF copyright-assignment
> status with your employer.
I've confirmed that this should be covered by Google.
> Does the 64-bit case blowing the stack may preclude the use of
> test-skeleton.c for the testcase?
Initially, I thought so, but after rechecking test-skeleton.c, I think it
can greatly simplify the test case.
I'll get new patches up shortly.
Thanks!
-Kees
--
Kees Cook @outflux.net