This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug stdio/14771] New: add length sanity check to snprintf
- From: "fweimer at redhat dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: Fri, 26 Oct 2012 10:06:34 +0000
- Subject: [Bug stdio/14771] New: add length sanity check to snprintf
- Auto-submitted: auto-generated
http://sourceware.org/bugzilla/show_bug.cgi?id=14771
Bug #: 14771
Summary: add length sanity check to snprintf
Product: glibc
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: stdio
AssignedTo: fweimer@redhat.com
ReportedBy: fweimer@redhat.com
Classification: Unclassified
We should reject impossibly large size arguments for snprintf, vsprintf. This
is similar to bug 13592. Passing (size_t)-1 to snprintf to emulate the sprintf
behavior might actually be valid code, so this would have to be restricted to
-D_FORTIFY_SOURCE mode.
This is prompted by
<https://lists.exim.org/lurker/message/20121026.080330.74b9147b.en.html>
(CVE-2012-5671).
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.