i8086emu / Patches / #6 GUI stack array overflow (off-by-one error)

GUI stack array overflow (off-by-one error)

Status: Beta

Brought to you by: dr_brown, memphis_, perrin_

#6 GUI stack array overflow (off-by-one error)

Milestone: stable

Status: closed

Owner: Memphis

Labels: None

Priority: 5

Updated: 2018-10-10

Created: 2018-09-15

Creator: AW.

Private: No

On modern Linux this bug causes abort with stack fortifier enabled. sprintf terminates 10-char string with '\0', and the array is 10 bytes long, causing overflow:

void paint_mem(GtkWidget widget, GdkEventExpose event, i8086core core, unsigned int startAdr)
{
char memstr="", tmp;
char numstr[10];
[...]
sprintf(numstr, "\n%04x:%04x", CAST_TO_BASE((startAdr+(icols))/0x10000, 17), (i808616BitAdr)(CAST_TO_MEMSIZE(startAdr+(i*cols))));

1 Attachments

0001-Fix-stack-array-overflow-in-GUI.patch

Discussion

Memphis - 2018-10-10

status: unread --> open-accepted

assigned_to: Memphis
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Memphis - 2018-10-10

status: open-accepted --> closed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Memphis - 2018-10-10

fixed in master - thx.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

GUI stack array overflow (off-by-one error)

Group

Searches

Help

#6 GUI stack array overflow (off-by-one error)

Discussion