lines 27 and 28 of rrd_not_thread_safe.c are the wrong way round. as a
result, global_ctx->rrd_error points to a 256 byte buffer, while
global_ctx->len claims it's 4096 bytes.
this means a long enough error message can lead to a buffer overflow in
rrd_set_error().
the attached patch (against the SVN snapshot) fixes this.
--matt
--
Matthew Boyle
Junior Systems Administrator
DecisionSoft Limited http://www.decisionsoft.com
--- rrdtool-1.2.99908020600/src/rrd_not_thread_safe.c 2008-04-08 23:00:54.000000000 +0100
+++ rrdtool-1.2.99908020600-modified/src/rrd_not_thread_safe.c 2008-04-10 10:53:17.655432570 +0100
@@ -24,8 +24,8 @@
static struct rrd_context global_ctx = {
MAXLEN,
ERRBUFLEN,
+ rrd_liberror,
rrd_error,
- rrd_liberror
};
/* #include <stdarg.h> */
_______________________________________________
rrd-developers mailing list
[email protected]
https://lists.oetiker.ch/cgi-bin/listinfo/rrd-developers
