This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [patch] Fix for heap overflow in wscanf (BZ 16618)
- From: "H.J. Lu" <hjl dot tools at gmail dot com>
- To: Paul Pluzhnikov <ppluzhnikov at google dot com>, "Carlos O'Donell" <carlos at redhat dot com>
- Cc: GLIBC Devel <libc-alpha at sourceware dot org>, Joseph Myers <jsm28 at gcc dot gnu dot org>
- Date: Sun, 1 Feb 2015 13:36:16 -0800
- Subject: Re: [patch] Fix for heap overflow in wscanf (BZ 16618)
- Authentication-results: sourceware.org; auth=none
- References: <CALoOobPgvuBLTk4GzOchr792MHNi1yLgsO5Jqf8MPvY+bk544Q at mail dot gmail dot com>
On Sun, Feb 1, 2015 at 12:52 PM, Paul Pluzhnikov <ppluzhnikov@google.com> wrote:
> Greetings,
>
> Attached patch is a rather obvious fix for BZ 16618.
> I believe this bug deserves a CVE (I've asked for one), and the fix
> should definitely go into 2.21.
>
> Tested on Linux/x86_64, no new failures.
>
> Thanks,
> --
>
>
> Paul Pluzhnikov
>
>
> 2015-02-01 Paul Pluzhnikov <ppluzhnikov@google.com>
>
> [BZ #16618]
> * stdio-common/vfscanf.c (ADDW): Correct alloca size check and
> fix heap buffer overflow.
Please include the testcase in BZ #16618.
--
H.J.