The Samba-Bugzilla – Attachment 12161 Details for
Bug 11947
lib/replace/snprintf.c:fmtint -- buffer too small (convert[20])
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
git-am fix for 4.4.next, 4.3.next.
0001-lib-replace-snprintf-Fix-length-calculation-for-hex-.patch (text/plain), 1.67 KB, created by
Jeremy Allison
on 2016-06-03 17:14:03 UTC
(
hide
)
Description:
git-am fix for 4.4.next, 4.3.next.
Filename:
MIME Type:
Creator:
Jeremy Allison
Created:
2016-06-03 17:14:03 UTC
Size:
1.67 KB
patch
obsolete
>From 44faa52d3cdb68abe3018acd8973e21356bc7461 Mon Sep 17 00:00:00 2001 >From: Lorinczy Zsigmond <lzsiga@freemail.c3.hu> >Date: Thu, 2 Jun 2016 14:54:05 -0700 >Subject: [PATCH] lib: replace: snprintf - Fix length calculation for hex/octal > 64-bit values. > >Prevents truncation due to buffer size being too small. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11947 > >Signed-off-by: Lorinczy Zsigmond <lzsiga@freemail.c3.hu> >Reviewed-by: Jeremy Allison <jra@samba.org> >Reviewed-by: Michael Adam <obnox@samba.org> > >Autobuild-User(master): Michael Adam <obnox@samba.org> >Autobuild-Date(master): Fri Jun 3 03:48:58 CEST 2016 on sn-devel-144 > >(cherry picked from commit 8814b2556583e1f8965e8bf5a93438d46e8d43e6) >--- > lib/replace/snprintf.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > >diff --git a/lib/replace/snprintf.c b/lib/replace/snprintf.c >index 86ba74c..63eb036 100644 >--- a/lib/replace/snprintf.c >+++ b/lib/replace/snprintf.c >@@ -804,7 +804,7 @@ static void fmtint(char *buffer, size_t *currlen, size_t maxlen, > { > int signvalue = 0; > unsigned LLONG uvalue; >- char convert[20]; >+ char convert[22+1]; /* 64-bit value in octal: 22 digits + \0 */ > int place = 0; > int spadlen = 0; /* amount to space pad */ > int zpadlen = 0; /* amount to zero pad */ >@@ -834,8 +834,8 @@ static void fmtint(char *buffer, size_t *currlen, size_t maxlen, > (caps? "0123456789ABCDEF":"0123456789abcdef") > [uvalue % (unsigned)base ]; > uvalue = (uvalue / (unsigned)base ); >- } while(uvalue && (place < 20)); >- if (place == 20) place--; >+ } while(uvalue && (place < sizeof(convert))); >+ if (place == sizeof(convert)) place--; > convert[place] = 0; > > zpadlen = max - place; >-- >2.8.0.rc3.226.g39d4020 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
jra
:
review?
(
obnox
)
slow
:
review+
asn
:
review+
Actions:
View
Attachments on
bug 11947
:
12159
|
12160
| 12161