Grip / Bugs / #329 versionbuf buffer overflow in 'ja' locale

#329 versionbuf buffer overflow in 'ja' locale

Milestone: Bug

Status: closed-fixed

Owner: nobody

Labels: None

Priority: 5

Updated: 2018-05-19

Created: 2005-07-06

Creator: Anonymous

Private: No

Grip 3.3.1 crashed due to buffer overflow in 'ja' locale.

In the function MakeAboutPage() of grip.c, versionbuf declared

char versionbuf[20];

and used as follows.

sprintf(versionbuf,_("Version %s"),VERSION);
label=gtk_label_new(versionbuf);

When using po/ja.po, this string needs 22bytes length.
And this causes buffer overflow.

Please increase the size of versionbuf and check the size with g_snprinf().
Or use g_strdup_printf() to avoid this.

Solbu - 2018-05-19

status: open --> closed-fixed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Solbu - 2018-05-19

We believe it was fixed in version 3.3.2 by applying an old Debian patch from 2006.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link: