From: <sv...@va...> - 2013-05-26 21:09:36
philippe 2013-05-26 22:09:20 +0100 (Sun, 26 May 2013)
New Revision: 13409
Log:
fix 320211 Stack buffer overflow in ./coregrind/m_main.c with huge TMPDIR
* Addition of a function to compute size of buffer needed for VG_(mkstemp)
* Use it to dimension buffers for all VG_(mkstemp) calls.
Modified files:
trunk/NEWS
trunk/coregrind/m_debuginfo/readpdb.c
trunk/coregrind/m_libcfile.c
trunk/coregrind/m_main.c
trunk/coregrind/pub_core_libcfile.h
Modified: trunk/coregrind/m_main.c (+1 -1)
===================================================================
--- trunk/coregrind/m_main.c 2013-05-22 21:43:25 +01:00 (rev 13408)
+++ trunk/coregrind/m_main.c 2013-05-26 22:09:20 +01:00 (rev 13409)
@@ -1837,7 +1837,7 @@
VG_(cl_auxv_fd) = -1;
#else
if (!need_help) {
- HChar buf[50], buf2[50+64];
+ HChar buf[50], buf2[VG_(mkstemp_fullname_bufsz)(50-1)];
HChar nul[1];
Int fd, r;
const HChar* exename;
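Review bot: `buf2` is now a variable-length array whose size comes from `VG_(strlen)(VG_(tmpdir)())`, so the length of an environment-supplied TMPDIR directly sets how much stack this frame takes; the fixed-size overflow is gone, but an oversized value is not rejected, it becomes an equally oversized stack allocation. The same pattern appears at `tmpname[...]` in readpdb.c and at `buf[...]` inside VG_(mkstemp) in m_libcfile.c. An upper bound on the accepted tmpdir length, applied once in VG_(tmpdir) (falling back to its default when exceeded), would keep all three allocations bounded. The literal `50-1` also has to be kept in step with `buf[50]` by hand; `sizeof(buf)-1` would tie the two together. The enclosing block starts and ends outside the hunk.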
Modified: trunk/NEWS (+1 -0)
===================================================================
--- trunk/NEWS 2013-05-22 21:43:25 +01:00 (rev 13408)
+++ trunk/NEWS 2013-05-26 22:09:20 +01:00 (rev 13409)
@@ -344,6 +344,7 @@
introduction of new Iops for AVX2, BMI, FMA support
FIXED 13347
+320211 Stack buffer overflow in ./coregrind/m_main.c with huge TMPDIR
Release 3.8.1 (19 September 2012)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Modified: trunk/coregrind/pub_core_libcfile.h (+5 -1)
===================================================================
--- trunk/coregrind/pub_core_libcfile.h 2013-05-22 21:43:25 +01:00 (rev 13408)
+++ trunk/coregrind/pub_core_libcfile.h 2013-05-26 22:09:20 +01:00 (rev 13409)
@@ -84,10 +84,14 @@
in terms of pread()?) */
extern SysRes VG_(pread) ( Int fd, void* buf, Int count, OffT offset );
+/* Size of fullname buffer needed for a call to VG_(mkstemp) with
+ part_of_name having the given part_of_name_len. */
+extern SizeT VG_(mkstemp_fullname_bufsz) ( SizeT part_of_name_len );
+
/* Create and open (-rw------) a tmp file name incorporating said arg.
Returns -1 on failure, else the fd of the file. If fullname is
non-NULL, the file's name is written into it. The number of bytes
- written is guaranteed not to exceed 64+strlen(part_of_name). */
+ written is equal to VG_(mkstemp_fullname_bufsz)(part_of_name). */
extern Int VG_(mkstemp) ( HChar* part_of_name, /*OUT*/HChar* fullname );
/* Record the process' working directory at startup. Is intended to
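Review bot: The updated comment on VG_(mkstemp) passes `part_of_name` to VG_(mkstemp_fullname_bufsz), but the function declared just above it takes a length (`SizeT part_of_name_len`), so the documented contract does not match the prototype. Suggested wording: `written is equal to VG_(mkstemp_fullname_bufsz)(VG_(strlen)(part_of_name)).` The same sentence is repeated above the definition in m_libcfile.c and needs the same correction. It would also help callers to state that the result depends on the current tmpdir, so a caller must size `fullname` against the same tmpdir value that VG_(mkstemp) will see.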
Modified: trunk/coregrind/m_debuginfo/readpdb.c (+1 -1)
===================================================================
--- trunk/coregrind/m_debuginfo/readpdb.c 2013-05-22 21:43:25 +01:00 (rev 13408)
+++ trunk/coregrind/m_debuginfo/readpdb.c 2013-05-26 22:09:20 +01:00 (rev 13409)
@@ -2407,7 +2407,7 @@
/* This is a giant kludge, of the kind "you did WTF?!?", but it
works. */
Bool do_cleanup = False;
- HChar tmpname[100], tmpnameroot[50];
+ HChar tmpname[VG_(mkstemp_fullname_bufsz)(50-1)], tmpnameroot[50];
Int fd, r;
HChar* res = NULL;
Modified: trunk/coregrind/m_libcfile.c (+14 -2)
===================================================================
--- trunk/coregrind/m_libcfile.c 2013-05-22 21:43:25 +01:00 (rev 13408)
+++ trunk/coregrind/m_libcfile.c 2013-05-26 22:09:20 +01:00 (rev 13409)
@@ -653,14 +653,26 @@
return tmpdir;
}
+static const HChar *mkstemp_format = "%s/valgrind_%s_%08x";
+
+SizeT VG_(mkstemp_fullname_bufsz) ( SizeT part_of_name_len )
+{
+ return VG_(strlen)(mkstemp_format)
+ + VG_(strlen)(VG_(tmpdir)()) - 2 // %s tmpdir
+ + part_of_name_len - 2 // %s part_of_name
+ + 8 - 4 // %08x
+ + 1; // trailing 0
+}
+
+
/* Create and open (-rw------) a tmp file name incorporating said arg.
Returns -1 on failure, else the fd of the file. If fullname is
non-NULL, the file's name is written into it. The number of bytes
- written is guaranteed not to exceed 64+strlen(part_of_name). */
+ written is equal to VG_(mkstemp_fullname_bufsz)(part_of_name). */
Int VG_(mkstemp) ( HChar* part_of_name, /*OUT*/HChar* fullname )
{
- HChar buf[200];
+ HChar buf[VG_(mkstemp_fullname_bufsz)(VG_(strlen)(part_of_name))];
Int n, tries, fd;
UInt seed;
SysRes sres;
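Review bot: VG_(mkstemp_fullname_bufsz) mirrors `mkstemp_format` by hand (`- 2` per `%s`, `+ 8 - 4` for `%08x`), which is exact only while the format keeps these three conversions and the seed prints in at most eight hex digits; `%08x` sets a minimum width, not a maximum. A short comment next to `mkstemp_format`, e.g. `/* Keep VG_(mkstemp_fullname_bufsz) in sync with this format. */`, would protect the buffer sizing from a later edit of the string. The code that formats into `buf` is outside the hunk; if it uses an unbounded formatter, passing `sizeof buf` to a bounded one such as VG_(snprintf) would enforce the computed size rather than assume it. Note also that `VG_(strlen)(part_of_name)` now runs in the declaration of `buf`, before any validation of `part_of_name` that the body may perform.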