URL:
<http://savannah.gnu.org/bugs/?32122>
Summary: unsufficient stack space for sprintf
Project: texinfo - GNU documentation system
Submitted by: keescook
Submitted on: Thu 13 Jan 2011 10:24:24 PM GMT
Category: makeinfo
Release: 4.13a
Priority: 5 - Normal
Severity: 3 - Normal
Item Group: bug
Privacy: Public
Open/Closed: Open
Assigned to: None
Discussion Lock: Any
Status: None
_______________________________________________________
Details:
makeinfo/sectioning.c:
char s[1];
sprintf (s, "%c", numbers[0] + 64);
return xstrdup (s);
sprintf() above with write 2 bytes, even though s is only 1. Attached patch
fixes this and nearby overflow.
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?32122>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
