This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [patch] Fix for heap overflow in wscanf (BZ 16618)

From: "H.J. Lu" <hjl dot tools at gmail dot com>
To: Paul Pluzhnikov <ppluzhnikov at google dot com>, "Carlos O'Donell" <carlos at redhat dot com>
Cc: GLIBC Devel <libc-alpha at sourceware dot org>, Joseph Myers <jsm28 at gcc dot gnu dot org>
Date: Sun, 1 Feb 2015 13:36:16 -0800
Subject: Re: [patch] Fix for heap overflow in wscanf (BZ 16618)
Authentication-results: sourceware.org; auth=none
References: <CALoOobPgvuBLTk4GzOchr792MHNi1yLgsO5Jqf8MPvY+bk544Q at mail dot gmail dot com>

On Sun, Feb 1, 2015 at 12:52 PM, Paul Pluzhnikov <ppluzhnikov@google.com> wrote:
> Greetings,
>
> Attached patch is a rather obvious fix for BZ 16618.
> I believe this bug deserves a CVE (I've asked for one), and the fix
> should definitely go into 2.21.
>
> Tested on Linux/x86_64, no new failures.
>
> Thanks,
> --
>
>
> Paul Pluzhnikov
>
>
> 2015-02-01  Paul Pluzhnikov  <ppluzhnikov@google.com>
>
>         [BZ #16618]
>         * stdio-common/vfscanf.c (ADDW): Correct alloca size check and
>         fix heap buffer overflow.

Please include the testcase in BZ #16618.

-- 
H.J.

Follow-Ups:
- Re: [patch] Fix for heap overflow in wscanf (BZ 16618)
  - From: Paul Pluzhnikov

References:
- [patch] Fix for heap overflow in wscanf (BZ 16618)
  - From: Paul Pluzhnikov

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]