Re: [Nasm-devel] possible buffer overflow fix

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

At 07:40 AM  Tuesday 5/3/2005, Jindrich Novy wrote:
>While fixing CAN-2004-1287 I found that there's yet another vsprintf
>that may cause buffer overflow. I haven't properly investigated whether
>it could be somehow exploited, but maybe snprintf should be used here
>instead to avoid possible vulnerabilities. I'm sending an one-liner to
>fix this.

Yes.

--John

         PGP KeyID: 6781C9C8  (good until 31-Dec-2008)
         Keyserver at ldap://keyserver.pgp.com
         LILO links at http://freshmeat.net/projects/lilo
         and Help link at http://lilo.go.dyndns.org