
Bug#190937: Unsafe use of asprintf () in anna



Package: anna
Version: 0.026, HEAD

This concerns the following files:

debian-installer/anna/anna.c
debian-installer/anna/util.c

AFAIK asprintf() in glibc doesn't guarantee to nullify the supplied first
pointer in case of failure. Thus, the pointer might point to anywhere.
Its value is simply undefined. The correct way is to check whether
asprintf() returns -1. Even if glibc was changed so that it nullifies
the pointer, I somehow doubt it's a good idea simply passing it to
various functions. 

(I don't use Debian, so this report might be incomplete.)

-- 
Christian
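
The check the report asks for, as an added example (not code from the report or from anna): a wrapper that trusts only the return value and resets the pointer on failure. The names `checked_asprintf`, `build_path` and `failing_vasprintf` and the `/tmp/example` path are constructed for illustration; the stub simulates a failing call that leaves a stale pointer behind.

```c
#define _GNU_SOURCE /* asprintf()/vasprintf() are extensions, not ISO C */
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Explicit prototype in case feature macros were fixed before this point. */
int vasprintf(char **strp, const char *fmt, va_list ap);

/* Formatter type, so the failure path can be driven by a stub. */
typedef int (*vfmt_fn)(char **, const char *, va_list);

/* Constructed stub: fails and leaves a stale non-NULL pointer behind,
 * the situation the report warns about. */
static int failing_vasprintf(char **strp, const char *fmt, va_list ap)
{
    static char stale;
    (void)fmt; (void)ap;
    *strp = &stale;
    return -1;
}

/* Hypothetical wrapper: trust only the return value; on failure set *out
 * to NULL so later NULL tests and free(*out) are well defined. */
static int checked_asprintf(vfmt_fn f, char **out, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = f(out, fmt, ap);
    va_end(ap);
    if (n < 0)
        *out = NULL;
    return n < 0 ? -1 : n;
}

/* Caller pattern: stop on -1 instead of handing the pointer onwards. */
static int build_path(vfmt_fn f, const char *dir, const char *name, char **out)
{
    return checked_asprintf(f, out, "%s/%s", dir, name) < 0 ? -1 : 0;
}

int main(void)
{
    char *p;
    if (build_path(vasprintf, "/tmp", "example", &p) == 0) { puts(p); free(p); }
    if (build_path(failing_vasprintf, "/tmp", "example", &p) < 0)
        puts(p == NULL ? "failed, pointer reset to NULL" : "stale pointer");
    return 0;
}
```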
