Date: Sat, 24 Apr 2004 23:30:26 -0700 (PDT)
From: David Schultz <das@FreeBSD.ORG>
To: freebsd-bugs@FreeBSD.org
Subject: Re: misc/62694: [PATCH] /usr/src/lib/libc/locale/ldpart.c buffer overflow
Message-ID: <200404250630.i3P6UQWV054946@freefall.freebsd.org>

The following reply was made to PR misc/62694; it has been noted by GNATS.

From: David Schultz <das@FreeBSD.ORG>
To: moulin p <moulin.p@calyopea.com>
Cc: phantom@FreeBSD.ORG, ache@FreeBSD.ORG, freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: misc/62694: [PATCH] /usr/src/lib/libc/locale/ldpart.c buffer overflow
Date: Sat, 24 Apr 2004 23:21:45 -0700

On Wed, Feb 11, 2004, moulin p wrote:
> in /usr/src/lib/libc/locale/ldpart.c
> - *locale_buf was tested without first checking whether locale_buf
>   was NULL or not => sigvec under certain circumstances.

If you look at the callers of this (private) function, you'll
notice that this can't happen. Although locale_buf can be a
pointer to NULL, it is never NULL itself.

> - a strchr was used on a non '\0' terminated buffer => crash

This appears to be a legitimate concern. Moreover, it appears
that split_lines() may write a '\0' one byte beyond the end of the
buffer. I've CC'd the original author and ache@, and hopefully
one of them will take care of the problems.

> in /usr/src/lib/libc/locale/srune.c (with gcc's -Werror flag)
> - memcpy needs <string.h> to be properly prototyped.
>
> in /usr/src/lib/libc/locale/wcstold.c (with gcc's -Werror flag)
> - two unused variables.

It looks like these were already fixed.
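
The two concerns raised in this message (a strchr() scan over a buffer that has no terminating '\0', and a '\0' written one byte past the end of the buffer) both go away when the line splitter is bounded by an explicit length. The C code below is an added example, not FreeBSD's ldpart.c and not the patch from the PR; split_lines_bounded() and its parameters are hypothetical names, and the sample data is constructed.

```c
#include <stdio.h>
#include <string.h>

/*
 * Added illustration (hypothetical helper, not FreeBSD's split_lines()).
 * Split buf[0..len) into lines in place and store their starts in lines[].
 * buf holds raw file bytes and is NOT assumed to be '\0'-terminated.
 * Returns the number of lines, or -1 if the data is malformed.
 */
static int
split_lines_bounded(char *buf, size_t len, char **lines, int max_lines)
{
	char *p = buf;
	char *end = buf + len;
	int n = 0;

	while (p < end) {
		/* memchr() stops at end; strchr() would keep scanning. */
		char *nl = memchr(p, '\n', (size_t)(end - p));

		/* Unterminated last line or too many lines: reject rather
		 * than write a terminator at buf[len], outside the data. */
		if (nl == NULL || n == max_lines)
			return (-1);
		*nl = '\0';	/* nl < end, so this write is in bounds */
		lines[n++] = p;
		p = nl + 1;
	}
	return (n);
}

int
main(void)
{
	/* Constructed sample: 8 bytes, no trailing '\0'. */
	char data[8] = { 'J', 'a', 'n', '\n', 'F', 'e', 'b', '\n' };
	char *lines[4];
	int i, n = split_lines_bounded(data, sizeof(data), lines, 4);

	for (i = 0; i < n; i++)
		printf("line %d: %s\n", i, lines[i]);
	return (n == 2 ? 0 : 1);
}
```

Every returned line is terminated inside the original len bytes, so callers can treat the entries of lines[] as ordinary C strings without the buffer needing a spare byte.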