This is the mail archive of the insight@sources.redhat.com mailing list for the Insight project.
Re: Buffer Overflow Patch in GDB/TCL Interface code.
- To: Syd Polk <spolk at redhat dot com>
- Subject: Re: Buffer Overflow Patch in GDB/TCL Interface code.
- From: "Mike A. Harris" <mharris at opensourceadvocate dot org>
- Date: Thu, 19 Oct 2000 18:22:48 -0400 (EDT)
- cc: Fernando Nasser <fnasser at cygnus dot com>, insight at sources dot redhat dot com
- Copyright: Copyright 2000 by Mike A. Harris - All rights reserved
On Thu, 19 Oct 2000, Syd Polk wrote:
>Date: Thu, 19 Oct 2000 09:20:54 -0700
>From: Syd Polk <spolk@redhat.com>
>To: Fernando Nasser <fnasser@cygnus.com>
>Cc: insight@sources.redhat.com
>Content-Type: text/plain; charset=us-ascii
>Subject: Re: Buffer Overflow Patch in GDB/TCL Interface code.
>
>My only concern is whether this call, asprintf, is available on all platforms.
>
IMHO, calls to any functions such as this are just oddball
memleak situations waiting to happen. I've never heard of
asprintf before myself. Shouldn't it also be asnprintf() to
avoid a potential overflow? Sorry if not, as I haven't looked at
the actual usage in the code. Just some thoughts to share.
Take care!
TTYL
----------------------------------------------------------------------
Mike A. Harris - Linux advocate - Open source advocate
Computer Consultant - Capslock Consulting
Copyright 2000 all rights reserved
----------------------------------------------------------------------
If you're interested in computer security, and want to stay on top of the
latest security exploits, and other information, visit:
http://www.securityfocus.com
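
The two concerns raised in this thread, whether asprintf exists on every platform and who owns the memory it returns, can be seen together in a fallback built on C99 `vsnprintf`. This is an added example, not code from the thread or from the GDB/Insight patch; `portable_asprintf` and `demo_long_input` are hypothetical names, and a C99-conforming `vsnprintf` is assumed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not from GDB/Insight): asprintf-style formatting
 * built only on C99 vsnprintf, for platforms without asprintf.
 * On success stores a malloc'd string in *out and returns its length;
 * on failure stores NULL and returns -1. The caller must free(*out). */
int portable_asprintf(char **out, const char *fmt, ...)
{
    va_list ap, ap2;
    int need, written;

    *out = NULL;
    va_start(ap, fmt);
    va_copy(ap2, ap);                       /* the list is consumed per pass */

    need = vsnprintf(NULL, 0, fmt, ap);     /* pass 1: measure only */
    va_end(ap);
    if (need < 0) { va_end(ap2); return -1; }

    *out = malloc((size_t)need + 1);        /* exact size, plus the NUL */
    if (*out == NULL) { va_end(ap2); return -1; }

    written = vsnprintf(*out, (size_t)need + 1, fmt, ap2);  /* pass 2 */
    va_end(ap2);
    if (written != need) {                  /* encoding error or changed args */
        free(*out);
        *out = NULL;
        return -1;
    }
    return written;
}

/* Constructed usage: build a command string of arbitrary length.
 * Returns 1 if the whole input survived formatting, 0 otherwise. */
int demo_long_input(size_t n)
{
    char *name = malloc(n + 1), *cmd = NULL;
    int len, ok;

    if (name == NULL) return 0;
    memset(name, 'A', n);
    name[n] = '\0';
    len = portable_asprintf(&cmd, "break %s", name);
    ok = (len == (int)(n + 6)) && cmd != NULL && strlen(cmd) == n + 6;
    free(cmd);                              /* every success path must free */
    free(name);
    return ok;
}
```

The buffer is sized from the measured length rather than from a fixed constant, so the remaining obligation on the caller is the `free()` on every path that received a non-NULL pointer.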