-
Show log
Commit
-
Hash : c8f0723d
Author :
Date : 2016-01-27T15:10:11
Fix heap buffer overflow in fgetwln() In the function fgetwln() there's a 4 byte heap overflow. There is a while loop that has this check to see whether there's still enough space in the buffer: if (!fb->len || wused > fb->len) { If this is true more memory gets allocated. However this test won't be true if wused == fb->len, but at that point wused already points out of the buffer. Some lines later there's a write to the buffer: fb->wbuf[wused++] = wc; This bug was found with the help of address sanitizer. Warned-by: ASAN Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=93881 Signed-off-by: Guillem Jover <guillem@hadrons.org>
-
Files
- Makefile.am
- arc4random.c
- arc4random.h
- arc4random_openbsd.h
- arc4random_uniform.c
- arc4random_unix.h
- bsd_getopt.c
- chacha_private.h
- closefrom.c
- dehumanize_number.c
- err.c
- expand_number.c
- explicit_bzero.c
- fgetln.c
- fgetwln.c
- flopen.c
- fmtcheck.c
- fparseln.c
- fpurge.c
- funopen.c
- getbsize.c
- getentropy.c
- getentropy_aix.c
- getentropy_bsd.c
- getentropy_hpux.c
- getentropy_hurd.c
- getentropy_linux.c
- getentropy_osx.c
- getentropy_solaris.c
- getpeereid.c
- hash/
- heapsort.c
- humanize_number.c
- inet_net_pton.c
- libbsd-ctor.pc.in
- libbsd-overlay.pc.in
- libbsd.map
- libbsd.pc.in
- local-elf.h
- local-link.h
- merge.c
- nlist.c
- pidfile.c
- progname.c
- radixsort.c
- readpassphrase.c
- reallocarray.c
- reallocf.c
- setmode.c
- setproctitle.c
- setproctitle_ctor.c
- stringlist.c
- strlcat.c
- strlcpy.c
- strmode.c
- strnstr.c
- strtonum.c
- timeconv.c
- unvis.c
- vis.c
- wcslcat.c
- wcslcpy.c
-
Properties
-
Git HTTP https://git.kmx.io/kc3-lang/libbsd.git Git SSH git@git.kmx.io:kc3-lang/libbsd.git Public access ? public Description Users
Tags
