[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#162917: [bcollins@debian.org: Re: Bug#162917: libc6: strftime crashes with invalid input]



On Tue, Oct 01, 2002 at 07:13:32PM -0400, Ben Collins wrote:
> >     printf("%s", bogusPointer);
> 
> This is the exact same problem. The segfault you get in strftime is
> caused by -1 being used as an array position (foo[-1]).

So glibc chose an implementation which is not particularly safe.

> As I said, you got this problem by ignoring practical programming, which
> means checking return values.

True in this case, but it doesn't mean there isn't a more direct
approach to the same problem.


Hamish
-- 
Hamish Moffatt VK3SB <hamish@debian.org> <hamish@cloud.net.au>



Reply to: