This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH] vfprintf: validate nargs and maybe allocate from heap
- From: Kees Cook <kees at outflux dot net>
- To: Paul Eggert <eggert at cs dot ucla dot edu>
- Cc: libc-alpha at sourceware dot org
- Date: Mon, 6 Feb 2012 09:20:43 -0800
- Subject: Re: [PATCH] vfprintf: validate nargs and maybe allocate from heap
- References: <20120206062537.GM4979@outflux.net><4F2F91BB.6010605@cs.ucla.edu>
Hi Paul,
On Mon, Feb 06, 2012 at 12:39:23AM -0800, Paul Eggert wrote:
> One more thing. Aren't there similar integer or stack overflow problems
> in other parts of the vfprintf.c code? E.g.:
Yeah, my intention is to examine the rest of the code for similar issues.
> specs = extend_alloca (specs, nspecs_size, 2 * nspecs_size);
This one in particular I've looked at and have mostly convinced myself that
it is okay, since it must constantly copy the previous memory into the
newly allocated region.
> (This is not an exhaustive list.) I'm not asking you to fix all
> of them right now, just for whether you think these other things
> need fixing too.
I'll want to look closer, for more than just simple overflow, but haven't
yet.
-Kees
--
Kees Cook @outflux.net
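The two hazards this thread is about, a multiplication on an attacker-controlled `nargs` that can wrap and an `alloca` whose size is not bounded, shown beside the "validate, then pick stack or heap" pattern named in the subject line. This is an added, stand-alone illustration written for this page; it is not glibc's vfprintf.c, not the patch under discussion, and not Kees's code. `BYTES_PER_ARG`, `MAX_STACK_ALLOC`, `plan_args`, `process_args` and `unchecked_size` are hypothetical names and values chosen for the example, not glibc identifiers.

```c
/* Added example for the libc-alpha thread above; not glibc code.
 * Hypothetical constants: 16 bytes per argument record, 4 KiB stack cap. */
#include <alloca.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define BYTES_PER_ARG   16     /* hypothetical size of one per-argument record */
#define MAX_STACK_ALLOC 4096   /* hypothetical: larger buffers go to the heap */

/* Vulnerable pattern: the product is computed without a bound on nargs.
 * size_t arithmetic wraps, so a huge nargs yields a tiny byte count, and a
 * merely large nargs yields an alloca that runs off the end of the stack.
 * Returns the size that would have been handed to alloca so the wrap can be
 * observed directly. */
size_t unchecked_size (size_t nargs)
{
  return nargs * BYTES_PER_ARG;   /* wraps once nargs > SIZE_MAX / BYTES_PER_ARG */
}

/* Hardened pattern, step 1: validate nargs before multiplying and decide
 * where the buffer should live.  ok == 0 means the request must be rejected. */
struct arg_plan
{
  int ok;          /* 0: nargs too large, product would overflow */
  size_t bytes;    /* validated byte count (0 when nargs == 0) */
  int on_heap;     /* 1: too big for the stack, use malloc */
};

struct arg_plan plan_args (size_t nargs)
{
  struct arg_plan p = { 0, 0, 0 };
  if (nargs > SIZE_MAX / BYTES_PER_ARG)
    return p;                              /* reject instead of wrapping */
  p.ok = 1;
  p.bytes = nargs * BYTES_PER_ARG;         /* cannot overflow after the check */
  p.on_heap = p.bytes > MAX_STACK_ALLOC;
  return p;
}

/* Hardened pattern, step 2: the caller allocates.  alloca must be done in
 * the frame that uses the memory, so the stack/heap choice is made here, not
 * inside plan_args.  Returns 0 on success, -1 on an invalid nargs or on
 * malloc failure. */
int process_args (size_t nargs)
{
  struct arg_plan p = plan_args (nargs);
  if (!p.ok)
    return -1;                             /* fail closed; no buffer at all */

  unsigned char *slots;
  if (p.on_heap)
    {
      slots = malloc (p.bytes);
      if (slots == NULL)
        return -1;
    }
  else
    slots = alloca (p.bytes);              /* bounded by MAX_STACK_ALLOC */

  memset (slots, 0, p.bytes);
  /* ... a real vfprintf would now record each argument's type and value in
     slots while walking the format string ... */

  if (p.on_heap)
    free (slots);
  return 0;
}
```

With `BYTES_PER_ARG` a power of two, `unchecked_size (SIZE_MAX / BYTES_PER_ARG + 1)` wraps to exactly 0 on both 32- and 64-bit targets, which is the case the check in `plan_args` refuses; `plan_args (MAX_STACK_ALLOC / BYTES_PER_ARG + 1)` is the first request that is sent to the heap.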