Patches item #1848295, was opened at 2007-12-11 01:53
Message generated for change (Settings changed) made by zmoelnig
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=478072&aid=1848295&group_id=55736

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.

Category: puredata
Group: bugfix
>Status: Pending
Resolution: None
Priority: 5
Private: No
Submitted By: Russell Bryant (russellbryant)
Assigned to: Miller Puckette (millerpuckette)
Summary: Fix small potential stack overflow

Initial Comment:
Attached is a patch to fix another potential stack buffer overflow in s_main.c. I didn't send this over in private because I don't think it can be exploited in any useful way, so it's just a small bug.

----------------------------------------------------------------------

Comment By: Miller Puckette (millerpuckette)
Date: 2008-01-14 19:45

Message:
Logged In: YES
user_id=313747
Originator: NO

taken.

----------------------------------------------------------------------

Comment By: Hans-Christoph Steiner (eighthave)
Date: 2007-12-26 22:45

Message:
Logged In: YES
user_id=27104
Originator: NO

checked into branch-v0-40-extended

----------------------------------------------------------------------

Comment By: Russell Bryant (russellbryant)
Date: 2007-12-11 03:41

Message:
Logged In: YES
user_id=1942915
Originator: YES

Also, let me just clarify my original summary just a little bit. You can cause the overrun of the buffer by providing a really long input string to the -schedlib command line option. It's just not exploitable in such a way that it would be considered a security issue.

----------------------------------------------------------------------

Comment By: Russell Bryant (russellbryant)
Date: 2007-12-11 03:38

Message:
Logged In: YES
user_id=1942915
Originator: YES

I'm sorry for the stupid typo. That code is actually only compiled in for a Windows build (whenever MSW is defined), so I didn't notice.

----------------------------------------------------------------------

Comment By: Russell Bryant (russellbryant)
Date: 2007-12-11 03:36

Message:
Logged In: YES
user_id=1942915
Originator: YES

File Added: filename_overflow.patch2.txt

----------------------------------------------------------------------

Comment By: Hans-Christoph Steiner (eighthave)
Date: 2007-12-11 02:18

Message:
Logged In: YES
user_id=27104
Originator: NO

I am guessing there is a typo in that patch, since the new line also uses sprintf() instead of snprintf():

- sprintf(filename, "%s.dll", sys_externalschedlibname);
+ sprintf(filename, sizeof(filename), "%s.dll", sys_externalschedlibname);

----------------------------------------------------------------------

_______________________________________________
PD-dev mailing list
http://lists.puredata.info/listinfo/pd-dev
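
Review bot: The `+` line of the quoted patch still calls sprintf() while passing sizeof(filename) as its second argument, so the size sits where the format string belongs and the write into filename is still not bounded; the line should read snprintf(filename, sizeof(filename), "%s.dll", sys_externalschedlibname). Because snprintf() truncates silently, it is also worth comparing its return value against sizeof(filename) and rejecting an over-long -schedlib name, so that a truncated filename is never used.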
