This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH] vfprintf: validate nargs and maybe allocate from heap
- From: Paul Eggert <eggert at cs dot ucla dot edu>
- To: Kees Cook <kees at outflux dot net>
- Cc: libc-alpha at sourceware dot org
- Date: Mon, 06 Feb 2012 00:39:23 -0800
- Subject: Re: [PATCH] vfprintf: validate nargs and maybe allocate from heap
- References: <20120206062537.GM4979@outflux.net>
One more thing. Aren't there similar integer or stack overflow problems
in other parts of the vfprintf.c code? E.g.:

    string = (CHAR_T *) alloca (len * sizeof (wchar_t)); \
    specs = extend_alloca (specs, nspecs_size, 2 * nspecs_size);
    args_value[cnt].pa_user = alloca (args_size[cnt]);

(This is not an exhaustive list.) I'm not asking you to fix all
of them right now, just for whether you think these other things
need fixing too.
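
The pattern the message asks about, `alloca (len * sizeof (wchar_t))`, has two separate hazards: the multiplication can wrap, and an unbounded size can run off the end of the stack. The following is an added example, not code from the message or from glibc, showing a checked size computation with a bounded stack buffer and a heap fallback; `STACK_LIMIT`, `checked_mul`, `scratch_get` and `fill_wide` are hypothetical names chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <wchar.h>

/* Hypothetical cap on the bytes this routine may take from the stack. */
#define STACK_LIMIT 1024

/* Store count * elem_size in *out; return 0 if the product would wrap. */
static int checked_mul(size_t count, size_t elem_size, size_t *out)
{
    if (elem_size != 0 && count > SIZE_MAX / elem_size)
        return 0;
    *out = count * elem_size;
    return 1;
}

/* Choose storage for count elements: the caller's stack buffer when the
   request fits, the heap otherwise. Returns NULL on overflow or failed
   allocation; *on_heap tells the caller whether free() is needed. */
static void *scratch_get(void *stack_buf, size_t stack_size,
                         size_t count, size_t elem_size, int *on_heap)
{
    size_t bytes;
    *on_heap = 0;
    if (!checked_mul(count, elem_size, &bytes))
        return NULL;
    if (bytes <= stack_size)
        return stack_buf;
    *on_heap = 1;
    return malloc(bytes);
}

/* Fill a work buffer of len wide characters.
   Returns 0 if rejected, 1 if the stack was used, 2 if the heap was used. */
int fill_wide(size_t len)
{
    wchar_t stack_buf[STACK_LIMIT / sizeof(wchar_t)];
    int on_heap;
    wchar_t *string = scratch_get(stack_buf, sizeof stack_buf,
                                  len, sizeof(wchar_t), &on_heap);
    if (string == NULL)
        return 0;
    for (size_t i = 0; i < len; i++)
        string[i] = L' ';
    if (on_heap)
        free(string);
    return on_heap ? 2 : 1;
}

int main(void)
{
    printf("%d %d %d\n", fill_wide(16), fill_wide(4096), fill_wide(SIZE_MAX / 2 + 1));
    return 0;
}
```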