Patches item #1848295, was opened at 2007-12-10 18:53 Message generated for change (Comment added) made by russellbryant You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=478072&aid=1848295&group_id=55736
Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: puredata Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Russell Bryant (russellbryant) Assigned to: Nobody/Anonymous (nobody) Summary: Fix small potential stack overflow Initial Comment: Attached is a patch to fix another potential stack buffer overflow in s_main.c. I didn't send this over in private because I don't think it can be exploited in any useful way, so it's just a small bug. ---------------------------------------------------------------------- >Comment By: Russell Bryant (russellbryant) Date: 2007-12-10 20:38 Message: Logged In: YES user_id=1942915 Originator: YES I'm sorry for the stupid typo. That code is actually only compiled in for a Windows build (whenever MSW is defined), so I didn't notice. ---------------------------------------------------------------------- Comment By: Russell Bryant (russellbryant) Date: 2007-12-10 20:36 Message: Logged In: YES user_id=1942915 Originator: YES File Added: filename_overflow.patch2.txt ---------------------------------------------------------------------- Comment By: Hans-Christoph Steiner (eighthave) Date: 2007-12-10 19:18 Message: Logged In: YES user_id=27104 Originator: NO I am guessing there is a typo in that patch, since the new line also uses sprintf() instead of snprintf(): - sprintf(filename, "%s.dll", sys_externalschedlibname); + sprintf(filename, sizeof(filename), "%s.dll", sys_externalschedlibname); ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=478072&aid=1848295&group_id=55736 _______________________________________________ PD-dev mailing list [email protected] http://lists.puredata.info/listinfo/pd-dev
