Bugs item #1724523, was opened at 2007-05-23 18:39 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=102439&aid=1724523&group_id=2439
Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Vade 79 (fakehalo) Assigned to: Nobody/Anonymous (nobody) Summary: TeX / ParseCommand() Buffer Overflow Initial Comment: this is another bug i submitted related to notepad++, and found that this project was the root of it...this appears to fall in the same category(although i haven't checked the scintilla CVS directly, i'm assuming it hasn't been modified) ----- TeX / ParseCommand() Buffer Overflow here's another one: type(without quotes): "\xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" into notepad++ and switch to TeX formatting, the problem is ParseCommand() writes to buffer[100] with no bound limitation. needs to be alphabetical, so it's not as easy to run arbitrary code...but still possible given some situations. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=102439&aid=1724523&group_id=2439 _______________________________________________ Scintilla-interest mailing list [email protected] http://mailman.lyra.org/mailman/listinfo/scintilla-interest
