#1 Buffer overflow in format()

closed-fixed
None
5
2004-04-16
2004-04-13
Patrick Kursawe
No

There's a bug in the format() function that usually
shows up by causing segfaults (at least with some locales).

Discussion

  • Looks like I finally managed to upload it?

    Attachments
  • Romain Liévin
    2004-04-15

    Logged In: YES
    user_id=136160

    Which version of TiLP did you use for the patch? The source code
    does not match!

  • Romain Liévin
    2004-04-15

    • assigned_to: nobody --> roms
    • status: open --> pending
    • status: pending --> open
  • Logged In: YES
    user_id=727554

    Sorry - this was TiLP version 6.68

  • Romain Liévin
    2004-04-16

    Logged In: YES
    user_id=136160

    Well, my source code is somewhat different. Maybe I have
    already fixed some things.

    Could you replace your labels.c file with this one?
    Could you tell me whether you are still encountering your bug?

    Thanks, Romain.

  • Romain Liévin
    2004-04-16

    • status: open --> pending
  • Romain Liévin
    2004-04-16

    TiLP v6.71 labels.c source code

    Attachments
  • Romain Liévin
    2004-04-16

    Logged In: YES
    user_id=136160

    format() function rewritten and tested.

  • Romain Liévin
    2004-04-16

    • status: pending --> closed-fixed
  • Logged In: YES
    user_id=727554

    I think it would not be helpful to know whether I encounter a bug
    or not, since your function still just assumes that some
    buffer will be big enough... quite likely it will be OK for
    99% of cases, but I think it is not a good idea to do it this way.

    Just in case it makes you sleep better: I wasn't able
    to crash the new version with some locales I tried :-)
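The reporter's closing point, that a formatting routine must not assume the destination buffer is large enough (locale-dependent strings being exactly the input that breaks such assumptions), as an added example that is not part of this thread and not TiLP's labels.c. The formatter below is hypothetical: the function names, the "<name> (<type>)" layout and the long translated type name are constructed for illustration. It shows the two defensive shapes a format() routine can take: a bounded write that reports truncation instead of overflowing, and a measure-then-allocate write that never guesses a size.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical label formatter (not TiLP's code): produces "<name> (<type>)".
 * The type name may come from a translation catalogue, so its length is not
 * known in advance and can be far longer than the English original. */

/* Bounded variant: writes into the caller's buffer of capacity cap.
 * Returns the number of characters written on success, or -1 when the
 * result would not fit. On -1 the buffer is truncated but still
 * NUL-terminated; snprintf never writes past cap bytes. */
int format_label_bounded(char *dst, size_t cap, const char *name, const char *type)
{
    if (dst == NULL || cap == 0 || name == NULL || type == NULL)
        return -1;
    int n = snprintf(dst, cap, "%s (%s)", name, type);
    if (n < 0 || (size_t)n >= cap) {
        /* Truncated: the caller must not treat dst as a complete label. */
        return -1;
    }
    return n;
}

/* Allocating variant: measure first with a zero-length snprintf, then
 * allocate exactly what is needed. No "big enough" assumption is made.
 * The caller owns and frees the returned string; NULL on failure. */
char *format_label_alloc(const char *name, const char *type)
{
    if (name == NULL || type == NULL)
        return NULL;
    int n = snprintf(NULL, 0, "%s (%s)", name, type);
    if (n < 0)
        return NULL;
    size_t need = (size_t)n + 1;          /* +1 for the terminating NUL */
    char *out = malloc(need);
    if (out == NULL)
        return NULL;
    snprintf(out, need, "%s (%s)", name, type);
    return out;
}

/* Sample values (constructed): a short English type name and a much longer
 * translated one, standing in for a locale that expands strings. */
static const char *kTypeShort = "Real";
static const char *kTypeLong  = "Nombre réel à virgule flottante (double précision)";

int main(void)
{
    char buf[32];   /* a fixed-size buffer of the kind a format() routine might assume */

    printf("bounded, short type: %d\n",
           format_label_bounded(buf, sizeof buf, "X", kTypeShort));
    printf("bounded, long type:  %d (truncated, not overflowed)\n",
           format_label_bounded(buf, sizeof buf, "X", kTypeLong));

    char *p = format_label_alloc("X", kTypeLong);
    if (p != NULL) {
        printf("allocated: %s\n", p);
        free(p);
    }
    return 0;
}
```

The bounded form is the minimal change to an existing fixed-buffer routine: the return value becomes a contract the caller has to check. The allocating form removes the fixed buffer entirely, which is the safer choice when the input length depends on the locale.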