On Thu, May 03, 2007 at 10:41:42PM +0000, Aurelien Jarno wrote:
> Author: aurel32
> Date: 2007-05-03 22:41:42 +0000 (Thu, 03 May 2007)
> New Revision: 2172
> 
> Modified:
>    glibc-package/trunk/debian/patches/any/cvs-vfprintf-stack-smashing.diff
> Log:
> Update cvs-vfprintf-stack-smashing.diff from CVS
> 
> 
> Modified: 
> glibc-package/trunk/debian/patches/any/cvs-vfprintf-stack-smashing.diff
> ===================================================================
> --- glibc-package/trunk/debian/patches/any/cvs-vfprintf-stack-smashing.diff   
> 2007-05-03 21:01:08 UTC (rev 2171)
> +++ glibc-package/trunk/debian/patches/any/cvs-vfprintf-stack-smashing.diff   
> 2007-05-03 22:41:42 UTC (rev 2172)
> @@ -1,3 +1,8 @@
> +2007-05-02  Jakub Jelinek  <[EMAIL PROTECTED]>
> +
> +     * stdio-common/vfprintf.c (process_string_arg): Use a VLA rather than
> +     fixed length array for ignore.
> +
>  2007-04-30  Ulrich Drepper  <[EMAIL PROTECTED]>
>  
>       [BZ #4438]
> @@ -7,11 +12,11 @@
>  ===================================================================
>  RCS file: /cvs/glibc/libc/stdio-common/vfprintf.c,v
>  retrieving revision 1.135
> -retrieving revision 1.136
> -diff -u -r1.135 -r1.136
> +retrieving revision 1.137
> +diff -u -r1.135 -r1.137
>  --- libc/stdio-common/vfprintf.c     2007/03/17 17:08:56     1.135
> -+++ libc/stdio-common/vfprintf.c     2007/05/01 04:11:26     1.136
> -@@ -1160,19 +1160,25 @@
> ++++ libc/stdio-common/vfprintf.c     2007/05/02 08:15:50     1.137
> +@@ -1160,19 +1160,26 @@
>               else                                                          \
>                 {                                                           \
>                   /* In case we have a multibyte character set the          \
> @@ -19,7 +24,8 @@
>  +                   situation is more complicated.  We must not copy       \
>                      bytes at the end which form an incomplete character. */\
>  -                wchar_t ignore[prec];                                     \
> -+                wchar_t ignore[1024];                                     \
> ++                size_t ignore_size = (unsigned) prec > 1024 ? 1024 : prec;\
> ++                wchar_t ignore[ignore_size];                              \
>                   const char *str2 = string;                                \
>  -                mbstate_t ps;                                             \
>  +                const char *strend = string + prec;                       \
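
Review bot: The bound passed along with `ignore` has to be `ignore_size` once the declaration reads `wchar_t ignore[ignore_size];`, and the call that consumes the array is not among the lines shown here, so please confirm it no longer carries a literal 1024. The cap is also written twice in `(unsigned) prec > 1024 ? 1024 : prec`; a named constant would keep the two in step. That expression yields 0 when `prec` is 0, so the VLA declaration needs either a guarantee that `prec` is nonzero on this path or a guard before it.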

  This patch is *broken*: the mbstowrc (or whatever name it has) later
uses '1024' as an arg somewhere. As the array is now a VLA, it should
use ignore_size and not 1024 anymore.

  I don't think it matters *much* but well, hey, let's be clean.
-- 
·O·  Pierre Habouzit
··O                                                [EMAIL PROTECTED]
OOO                                                http://www.madism.org
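
The invariant raised in the reply above (the scratch array's length and the bound handed to the conversion call must be the same value), shown as an added example that is neither glibc's code nor part of the original message. `count_chars` and `SCRATCH_MAX` are hypothetical names; the sketch uses the POSIX `mbsnrtowcs()` and assumes `prec` is a byte count.

```c
#define _POSIX_C_SOURCE 200809L  /* for mbsnrtowcs() */
#include <stddef.h>
#include <string.h>
#include <wchar.h>

#define SCRATCH_MAX 1024  /* cap on the stack scratch buffer, as in the quoted patch */

/* Hypothetical helper (not glibc code): count the complete characters that
   the first prec bytes of string decode to in the current locale.
   Returns (size_t)-1 on an invalid multibyte sequence. */
size_t count_chars(const char *string, size_t prec)
{
    if (prec == 0)
        return 0;                    /* a zero-length VLA is undefined in C */

    size_t ignore_size = prec > SCRATCH_MAX ? SCRATCH_MAX : prec;
    wchar_t ignore[ignore_size];     /* scratch output, contents unused */
    const char *str2 = string;
    size_t total = 0;
    mbstate_t ps;
    memset(&ps, 0, sizeof ps);

    /* mbsnrtowcs() sets str2 to NULL once it converts the terminating NUL. */
    while (str2 != NULL && (size_t)(str2 - string) < prec) {
        const char *before = str2;
        size_t left = prec - (size_t)(str2 - string);
        /* Output bound is ignore_size, the array's real length, so the
           array and its bound cannot drift apart. */
        size_t n = mbsnrtowcs(ignore, &str2, left, ignore_size, &ps);
        if (n == (size_t)-1)
            return (size_t)-1;
        total += n;
        if (str2 == before)
            break;                   /* no progress: trailing partial character */
    }
    return total;
}
```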
