On Thu, May 03, 2007 at 10:41:42PM +0000, Aurelien Jarno wrote:
> Author: aurel32
> Date: 2007-05-03 22:41:42 +0000 (Thu, 03 May 2007)
> New Revision: 2172
>
> Modified:
> glibc-package/trunk/debian/patches/any/cvs-vfprintf-stack-smashing.diff
> Log:
> Update cvs-vfprintf-stack-smashing.diff from CVS
>
>
> Modified: glibc-package/trunk/debian/patches/any/cvs-vfprintf-stack-smashing.diff
> ===================================================================
> --- glibc-package/trunk/debian/patches/any/cvs-vfprintf-stack-smashing.diff 2007-05-03 21:01:08 UTC (rev 2171)
> +++ glibc-package/trunk/debian/patches/any/cvs-vfprintf-stack-smashing.diff 2007-05-03 22:41:42 UTC (rev 2172)
> @@ -1,3 +1,8 @@
> +2007-05-02 Jakub Jelinek <jakub@redhat.com>
> +
> + * stdio-common/vfprintf.c (process_string_arg): Use a VLA rather than
> + fixed length array for ignore.
> +
> 2007-04-30 Ulrich Drepper <drepper@redhat.com>
>
> [BZ #4438]
> @@ -7,11 +12,11 @@
> ===================================================================
> RCS file: /cvs/glibc/libc/stdio-common/vfprintf.c,v
> retrieving revision 1.135
> -retrieving revision 1.136
> -diff -u -r1.135 -r1.136
> +retrieving revision 1.137
> +diff -u -r1.135 -r1.137
> --- libc/stdio-common/vfprintf.c 2007/03/17 17:08:56 1.135
> -+++ libc/stdio-common/vfprintf.c 2007/05/01 04:11:26 1.136
> -@@ -1160,19 +1160,25 @@
> ++++ libc/stdio-common/vfprintf.c 2007/05/02 08:15:50 1.137
> +@@ -1160,19 +1160,26 @@
> else \
> { \
> /* In case we have a multibyte character set the \
> @@ -19,7 +24,8 @@
> + situation is more complicated. We must not copy \
> bytes at the end which form an incomplete character. */\
> - wchar_t ignore[prec]; \
> -+ wchar_t ignore[1024]; \
> ++ size_t ignore_size = (unsigned) prec > 1024 ? 1024 : prec;\
> ++ wchar_t ignore[ignore_size]; \
> const char *str2 = string; \
> - mbstate_t ps; \
> + const char *strend = string + prec; \
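Review bot: in the two added lines that declare ignore, the array length stops being a constant: ignore_size equals prec whenever prec is at most 1024, so every later use of that buffer's length has to be ignore_size, and the call that consumes ignore is not in this hunk, so it should be checked for a leftover literal 1024. If prec can be 0 on this path, "wchar_t ignore[ignore_size];" also declares a zero-length VLA, which C leaves undefined; a minimum of 1 or an early exit for that case would avoid it. The cap 1024 is written twice in the ignore_size line, and the comparison uses an (unsigned) cast while the result is a size_t; a single named constant and a size_t cast would make the clamp easier to check.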
This patch is *broken*: the mbstowrc (or whatever name it has) later
uses '1024' as an arg somewhere. As the array is now a VLA, it should
use ignore_size and not 1024 anymore.
I don't think it matters *much*, but well, hey, let's be clean.
--
·O· Pierre Habouzit
··O madcoder@debian.org
OOO http://www.madism.org
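
An added example, not part of the original message and not glibc's code: a small standalone C function that converts through a capped VLA scratch buffer and passes the array's own length to the conversion call, which is the cleanup asked for above. The names count_chars, SCRATCH_MAX and scratch_len are hypothetical, and the POSIX function mbsnrtowcs() stands in for the call the message could not name.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* declares mbsnrtowcs() */
#endif
#include <stddef.h>
#include <string.h>
#include <wchar.h>

/* Same prototype as POSIX, repeated in case the macro above is seen too late. */
size_t mbsnrtowcs(wchar_t *, const char **, size_t, size_t, mbstate_t *);

#define SCRATCH_MAX 1024          /* cap taken from the quoted patch */

/* Hypothetical helper: count the characters held in the first `prec`
   bytes of `s` (stopping at a NUL), converting through a bounded scratch
   buffer.  Returns (size_t)-1 on an invalid multibyte sequence.
   `s` must point to at least `prec` readable bytes. */
size_t count_chars(const char *s, size_t prec)
{
    const char *nul = memchr(s, '\0', prec);
    const char *end = nul ? nul : s + prec;
    if (end == s)
        return 0;                 /* also avoids a zero-length VLA */

    size_t nbytes = (size_t)(end - s);
    size_t scratch_len = nbytes > SCRATCH_MAX ? SCRATCH_MAX : nbytes;
    wchar_t scratch[scratch_len];
    const char *src = s;
    size_t total = 0;
    mbstate_t ps;
    memset(&ps, 0, sizeof ps);

    while (src != NULL && src < end) {
        /* The output limit is scratch_len, the declared size of the
           array, not the literal cap, so the limit always describes
           the buffer it is passed with. */
        size_t n = mbsnrtowcs(scratch, &src, (size_t)(end - src),
                              scratch_len, &ps);
        if (n == (size_t)-1)
            return (size_t)-1;
        total += n;               /* long inputs take several passes */
    }
    return total;
}
```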