[PATCH v3] libio: asprintf should write NULL upon failure
Sam James
sam@gentoo.org
Fri Aug 2 21:09:41 GMT 2024
Florian Weimer <fweimer@redhat.com> writes:
> This was suggested most recently by Solar Designer, noting
> that code replacing vsprintf with vasprintf in a security fix
> was subtly wrong:
>
> Re: GStreamer Security Advisory 2024-0003: Orc compiler
> stack-based buffer overflow
> <https://www.openwall.com/lists/oss-security/2024/07/26/2>
>
> Previous libc-alpha discussions:
>
> I: [PATCH] asprintf error handling fix
> <https://inbox.sourceware.org/libc-alpha/20011205185828.GA8376@ldv.office.alt-linux.org/>
>
> asprintf() issue
> <https://inbox.sourceware.org/libc-alpha/CANSoFxt-cdc-+C4u-rTENMtY4X9RpRSuv+axDswSPxbDgag8_Q@mail.gmail.com/>
>
> I don't think we need a compatibility symbol for this. As the
> most recent GStreamer example shows, this change is much more
> likely to fix bugs than cause compatibility issues.
This is my take as well.
Sorry, I thought I'd offered my r-b for v3 too, but I hadn't:
Reviewed-by: Sam James <sam@gentoo.org>
>
> Suggested-by: Dmitry V. Levin <ldv@altlinux.org>
> Suggested-by: Archie Cobbs <archie.cobbs@gmail.com>
> Suggested-by: Solar Designer <solar@openwall.com>
>
> ---
thanks,
sam
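
The caller-side mistake the quoted commit message refers to, as an added example that is not part of the original message, the patch, or glibc: a caller that judges success by the output pointer instead of the return value. `failing_vasprintf`, `fragile_format` and `checked_format` are hypothetical names, and the failing stub is a constructed stand-in for a libc whose failure path does not store to the pointer.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>

/* GNU/BSD extension; declared here so the block builds without feature macros. */
int vasprintf(char **strp, const char *fmt, va_list ap);

typedef int (*vfmt_fn)(char **, const char *, va_list);

/* Constructed stand-in (hypothetical): fails without storing to *strp. */
int failing_vasprintf(char **strp, const char *fmt, va_list ap)
{
    (void)strp; (void)fmt; (void)ap;
    return -1;
}

/* Fragile caller: infers success from the pointer. Returns 1 for "ok". */
int fragile_format(vfmt_fn f, char **out, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    f(out, fmt, ap);              /* return value ignored */
    va_end(ap);
    return *out != NULL;          /* stale or uninitialised on failure */
}

/* Checked caller: trusts only the return value and stores NULL itself. */
int checked_format(vfmt_fn f, char **out, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = f(out, fmt, ap);
    va_end(ap);
    if (n < 0) {
        *out = NULL;              /* do not rely on libc to do this */
        return 0;
    }
    return 1;
}

int main(void)
{
    char stale[] = "stale";       /* constructed: value left from earlier use */
    char *p = stale;
    printf("fragile says ok=%d\n", fragile_format(failing_vasprintf, &p, "%d", 1));
    printf("checked says ok=%d\n", checked_format(failing_vasprintf, &p, "%d", 1));
    if (checked_format(vasprintf, &p, "id=%d", 7)) { puts(p); free(p); }
    return 0;
}
```
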