This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH] vfprint: validate nargs and argument-based offsets

On Thu, Feb 02, 2012 at 12:03:58PM -0600, Ryan S. Arnold wrote:
> On Thu, Feb 2, 2012 at 10:04 AM, Kees Cook <kees@outflux.net> wrote:
> > 2012-02-02 ?Kees Cook ?<keescook@chromium.org>
> >
> > ? ? ? ?* stdio-common/vfprintf.c (vfprintf): Checks for nargs overflow and
> > ? ? ? ?validates argument-based array offsets.
> > ? ? ? ?* stdio-common/tst-vfprintf-nargs.c: New file.
> > ? ? ? ?* stdio-common/Makefile (tests): Add nargs overflow test.
> 
> Hi Kees, Thanks for the contribution.

Sure thing! Thanks for the reviews (and from Roland)!

> The addition of the tst-vfprintf-nargs file makes this contribution
> legally significant.  Please verify your FSF copyright-assignment
> status with your employer.

I've confirmed that this should be covered by Google.

> Does the 64-bit case blowing the stack may preclude the use of
> test-skeleton.c for the testcase?

Initially, I thought so, but after rechecking test-skeleton.c, I think it
can greatly simplify the test case.

I'll get new patches up shortly.

Thanks!

-Kees

-- 
Kees Cook                                            @outflux.net
Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]