
r2225 - glibc-package/branches/glibc-branch-etch/debian/patches/any



Author: madcoder
Date: 2007-05-15 12:30:58 +0000 (Tue, 15 May 2007)
New Revision: 2225

Added:
   glibc-package/branches/glibc-branch-etch/debian/patches/any/cvs-vfprintf-stack-smashing.diff
Log:
missing file

Added: glibc-package/branches/glibc-branch-etch/debian/patches/any/cvs-vfprintf-stack-smashing.diff
===================================================================
--- glibc-package/branches/glibc-branch-etch/debian/patches/any/cvs-vfprintf-stack-smashing.diff	                        (rev 0)
+++ glibc-package/branches/glibc-branch-etch/debian/patches/any/cvs-vfprintf-stack-smashing.diff	2007-05-15 12:30:58 UTC (rev 2225)
@@ -0,0 +1,55 @@
+2007-05-02  Jakub Jelinek  <jakub@redhat.com>
+
+	* stdio-common/vfprintf.c (process_string_arg): Use a VLA rather than
+	fixed length array for ignore.
+
+2007-04-30  Ulrich Drepper  <drepper@redhat.com>
+
+	[BZ #4438]
+	* stdio-common/vfprintf.c (process_string_arg): Don't overflow the
+	stack for large precisions.
+
+===================================================================
+RCS file: /cvs/glibc/libc/stdio-common/vfprintf.c,v
+retrieving revision 1.135
+retrieving revision 1.137
+Index: glibc-2.5/stdio-common/vfprintf.c
+===================================================================
+--- glibc-2.5.orig/stdio-common/vfprintf.c	2006-05-02 22:25:15.000000000 +0200
++++ glibc-2.5/stdio-common/vfprintf.c	2007-05-04 11:26:16.049828248 +0200
+@@ -1159,19 +1159,26 @@
+ 		else							      \
+ 		  {							      \
+ 		    /* In case we have a multibyte character set the	      \
+-		       situation is more compilcated.  We must not copy	      \
++		       situation is more complicated.  We must not copy	      \
+ 		       bytes at the end which form an incomplete character. */\
+-		    wchar_t ignore[prec];				      \
++		    size_t ignore_size = (unsigned) prec > 1024 ? 1024 : prec;\
++		    wchar_t ignore[ignore_size];			      \
+ 		    const char *str2 = string;				      \
+-		    mbstate_t ps;					      \
++		    const char *strend = string + prec;			      \
++		    if (strend < string)				      \
++		      strend = (const char *) UINTPTR_MAX;		      \
+ 									      \
++		    mbstate_t ps;					      \
+ 		    memset (&ps, '\0', sizeof (ps));			      \
+-		    if (__mbsnrtowcs (ignore, &str2, prec, prec, &ps)	      \
+-			== (size_t) -1)					      \
+-		      {							      \
+-			done = -1;					      \
+-			goto all_done;					      \
+-		      }							      \
++									      \
++		    while (str2 != NULL && str2 < strend)		      \
++		      if (__mbsnrtowcs (ignore, &str2, strend - str2,	      \
++					ignore_size, &ps) == (size_t) -1)     \
++			{						      \
++			  done = -1;					      \
++			  goto all_done;				      \
++			}						      \
++									      \
+ 		    if (str2 == NULL)					      \
+ 		      len = strlen (string);				      \
+ 		    else						      \
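Review bot: The wrap guard in the embedded vfprintf.c patch, `const char *strend = string + prec;` followed by `if (strend < string)`, relies on pointer arithmetic overflowing, which is undefined behaviour in C, so an optimising compiler may drop the test and the clamp to `UINTPTR_MAX` would then never happen. Doing the wrap check on integers keeps it well defined, for example `uintptr_t end = (uintptr_t) string + (unsigned) prec;` then `const char *strend = (const char *) (end < (uintptr_t) string ? UINTPTR_MAX : end);` (this assumes `prec` is an `int`, as the cast in the `ignore_size` line suggests). Separately, if `prec` can be 0 on this path, `wchar_t ignore[ignore_size]` becomes a zero-length VLA, and a floor of one element would avoid that; this needs confirming against the earlier branches of the macro. The `process_string_arg` macro starts and ends outside the hunk, so how `len` is finally computed is not visible here.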


