This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug stdio/16617] printf stack overflow with many format specs (CVE-2012-3406)
- From: "bugdal at aerifal dot cx" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Sat, 22 Feb 2014 02:46:14 +0000
- Subject: [Bug stdio/16617] printf stack overflow with many format specs (CVE-2012-3406)
- Auto-submitted: auto-generated
- References: <bug-16617-131 at http dot sourceware dot org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=16617
Rich Felker <bugdal at aerifal dot cx> changed:
What    |Removed |Added
--------+--------+---------------------------
CC      |        |bugdal at aerifal dot cx
--- Comment #2 from Rich Felker <bugdal at aerifal dot cx> ---
For what it's worth, the CVE is nonsense. printf has UB unless the arguments
match the format specifiers, and in fact allowing an arbitrary format string to
be taken from untrusted input is already a security bug (in the application)
due to %n. If you really have a case where printf has so many arguments and
format specifiers that it overflows the stack parsing the format string, you
were already using a ridiculous number of variadic arguments that were
themselves likely to overflow the stack (on the same order of magnitude).
In principle I'm all for eliminating use of alloca, but in this case if the
alternative is using malloc, I think that's worse; it would preclude efforts to
fix the AS-safety of dprintf and snprintf.
--
You are receiving this mail because:
You are on the CC list for the bug.
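The comment above names two distinct hazards: a format string taken from untrusted input (which hands the caller's stack to whatever conversions the input contains, %n included), and a format whose conversion count does not match the variadic arguments actually passed. The following C program is an added illustration, not code from glibc or from the bug discussion. It shows the defensive side of both points: a small checker that walks a format string the way a printf implementation would, counting the arguments it would consume and rejecting %n, dangling '%' and unknown conversions; and the usual hardened pattern in which untrusted text is only ever an argument, never the format. The helper names check_format and render_untrusted, the status enum and the sample strings are all constructed for this example; the parser is deliberately simplified (it handles the common flags, '*' width/precision, length modifiers and positional "N$" prefixes, and does not attempt glibc's full locale or wide-character handling).

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Outcome of validating a format string (hypothetical names for this example). */
enum fmt_status {
    FMT_OK = 0,
    FMT_HAS_PERCENT_N,   /* %n would let the format string write to memory */
    FMT_TOO_MANY_SPECS,  /* the format demands more arguments than the caller passes */
    FMT_MALFORMED        /* dangling '%' or unknown conversion character */
};

/* Walk fmt as printf would and count the arguments it consumes.
 * max_args is the number of variadic arguments the caller will really pass.
 * If nargs_out is non-NULL it receives the count found, even on failure.
 * Hypothetical helper written for this example, not a glibc API. */
enum fmt_status check_format(const char *fmt, size_t max_args, size_t *nargs_out)
{
    size_t nargs = 0;
    enum fmt_status st = FMT_OK;
    const char *p = fmt;

    while (*p && st == FMT_OK) {
        if (*p != '%') { p++; continue; }
        p++;
        if (*p == '%') { p++; continue; }          /* "%%": literal, no argument */

        /* optional positional prefix "N$"; counted as one argument here */
        const char *q = p;
        while (*q >= '0' && *q <= '9') q++;
        if (q != p && *q == '$') p = q + 1;

        while (*p && strchr("-+ #0'", *p)) p++;     /* flags */

        if (*p == '*') { nargs++; p++; }            /* width supplied by an argument */
        else while (*p >= '0' && *p <= '9') p++;

        if (*p == '.') {                            /* precision */
            p++;
            if (*p == '*') { nargs++; p++; }
            else while (*p >= '0' && *p <= '9') p++;
        }

        while (*p && strchr("hlLjztq", *p)) p++;    /* length modifiers */

        if (*p == '\0') { st = FMT_MALFORMED; break; }
        if (*p == 'n') { nargs++; st = FMT_HAS_PERCENT_N; break; }
        if (!strchr("diouxXeEfFgGaAcsp", *p)) { st = FMT_MALFORMED; break; }
        nargs++;                                    /* one ordinary conversion */
        p++;
    }

    if (st == FMT_OK && nargs > max_args) st = FMT_TOO_MANY_SPECS;
    if (nargs_out) *nargs_out = nargs;
    return st;
}

/* Hardened pattern: untrusted text is passed as an argument to a fixed
 * format, so none of its '%' sequences are ever interpreted.
 * (The unsafe form would be snprintf(buf, n, untrusted).)
 * Returns snprintf's result, i.e. the length the text would need. */
int render_untrusted(char *buf, size_t n, const char *untrusted)
{
    return snprintf(buf, n, "%s", untrusted);
}

int main(void)
{
    /* constructed sample formats, checked against a caller passing 2 arguments */
    const char *samples[] = { "%d items", "%n", "%d %d %d", "100%% %5.2f", "abc%" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
        size_t n = 0;
        enum fmt_status st = check_format(samples[i], 2, &n);
        printf("%-14s -> status %d, %zu arg(s)\n", samples[i], (int)st, n);
    }

    char buf[32];
    render_untrusted(buf, sizeof buf, "%n%s");      /* rendered verbatim, not interpreted */
    printf("rendered: %s\n", buf);
    return 0;
}
```

The checker is the kind of guard one would put in front of a format that legitimately comes from outside the program (a translation catalogue, a configuration file) so that a mismatch is rejected before printf ever sees it; for text that merely needs to be displayed, render_untrusted shows that no checker is needed at all, since a fixed "%s" format removes the problem entirely.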