This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH 1/2] vfprintf: validate nargs and argument-based offsets

From: "Joseph S. Myers" <joseph at codesourcery dot com>
To: Andreas Jaeger <aj at suse dot com>
Cc: libc-alpha at sourceware dot org
Date: Mon, 5 Mar 2012 12:31:38 +0000 (UTC)
Subject: Re: [PATCH 1/2] vfprintf: validate nargs and argument-based offsets
References: <20120302210640.GJ3990@outflux.net> <201203051036.23212.aj@suse.com>

On Mon, 5 Mar 2012, Andreas Jaeger wrote:

> > 2012-03-02  Kees Cook  <keescook@chromium.org>
> > 
> > 	[BZ #13656]
> > 	* stdio-common/vfprintf.c (vfprintf): Check for nargs overflow and
> > 	possibly allocate from heap instead of stack.
> > 	* stdio-common/bug-vfprintf-nargs.c: New file.
> > 	* stdio-common/Makefile (tests): Add nargs overflow test.
> 
> Thanks, this is ok now.
> 
> I committed it to trunk and added a glibc_2.15 mark to the bug report,

If 13656 is now fully fixed then NEWS needs to be updated (this is 
something for committers rather than patch submitters to do since patches 
to the list of fixed bugs in NEWS won't generally apply directly for the 
same reason as patches to ChangeLog files).

-- 
Joseph S. Myers
joseph@codesourcery.com

Follow-Ups:
- Re: [PATCH 1/2] vfprintf: validate nargs and argument-based offsets
  - From: Andreas Jaeger

References:
- [PATCH 1/2] vfprintf: validate nargs and argument-based offsets
  - From: Kees Cook
- Re: [PATCH 1/2] vfprintf: validate nargs and argument-based offsets
  - From: Andreas Jaeger

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]