This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [patch] Fix BZ #17269 _IO_wstr_overflow integer overflow
- From: Florian Weimer <fw at deneb dot enyo dot de>
- To: Paul Pluzhnikov <ppluzhnikov at gmail dot com>
- Cc: GLIBC Devel <libc-alpha at sourceware dot org>
- Date: Sun, 22 Feb 2015 20:47:46 +0100
- Subject: Re: [patch] Fix BZ #17269 _IO_wstr_overflow integer overflow
- Authentication-results: sourceware.org; auth=none
- References: <CALoOobNWgCzh0=5pRMoy39jorDiD4A1QcsyatFDXdCZpMA2X4Q at mail dot gmail dot com> <CALoOobNvKAhQ2+r1yUZiYVsKChd7KTcHcpb_shMTNnMMTLQj5Q at mail dot gmail dot com> <87fv9yfdsx dot fsf at mid dot deneb dot enyo dot de> <CAPC3xapaAjL-J9zkq+GRxoHDcuSC1Nm3+YohNR-CgSdHkZm-VA at mail dot gmail dot com>
* Paul Pluzhnikov:
> On Sun, Feb 22, 2015 at 2:20 AM, Florian Weimer <fw@deneb.enyo.de> wrote:
>
>> ânew_size == SIZE_MAX / sizeof (wchar_t)â should still be okay,
>> shouldn't it?
>
> Right.
Okay to commit, but â
> 2015-02-22 Paul Pluzhnikov <ppluzhnikov@google.com>
>
> [BZ #17269]
> * NEWS: Mention 17269
> * libio/wstrops.c (_IO_wstr_overflow): Guard against integer overflow
> (enlarge_userbuf): Likewise.
â no changelog entry for NEWS, please.
Will you ask on oss-security for CVE assignment?