This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH 1/2] vfprintf: validate nargs and argument-based offsets
On Monday, March 05, 2012 13:31:38 Joseph S. Myers wrote:
> On Mon, 5 Mar 2012, Andreas Jaeger wrote:
> > > 2012-03-02 Kees Cook <keescook@chromium.org>
> > >
> > > [BZ #13656]
> > > * stdio-common/vfprintf.c (vfprintf): Check for nargs overflow
and
> > > possibly allocate from heap instead of stack.
> > > * stdio-common/bug-vfprintf-nargs.c: New file.
> > > * stdio-common/Makefile (tests): Add nargs overflow test.
> >
> > Thanks, this is ok now.
> >
> > I committed it to trunk and added a glibc_2.15 mark to the bug report,
>
> If 13656 is now fully fixed then NEWS needs to be updated (this is
> something for committers rather than patch submitters to do since
> patches to the list of fixed bugs in NEWS won't generally apply
> directly for the same reason as patches to ChangeLog files).
You're right - I've forgotten this and done this now,
Andreas
--
Andreas Jaeger aj@{suse.com,opensuse.org} Twitter/Identica: jaegerandi
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn,Jennifer Guild,Felix Imendörffer,HRB16746 (AG Nürnberg)
GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126