>>> Ali H. Fardan <[email protected]> 5-Sep-16 09:09 >>>
> > On 2016-09-05 11:03, Tom Cosgrove wrote:
> :
> > It does allocate the correct buffer size. It's got all the
> > information it needs to do that with the format string and the
> > parameters. Then it returns the buffer address via the `ret'
> > argument.
> >
> > If you don't believe us, read the source code and tell us where we
> > are wrong.
> >
> > Tom
>
> then that patch does weaken security, the buffer can overflow.
asprintf() allocates the buffer, of the size it needs. It can't overflow. It makes no change to security. The patch is fine - you'll notice it's already been committed.

Tom
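Tom's point is that asprintf() sizes the buffer from the format string and the arguments before it writes a single byte, which is why the call cannot overflow. The following is an added example, not code from this thread or from the patch under discussion: a portable stand-in for asprintf() built on C99 vsnprintf(), which measures first and then allocates exactly what the output needs, placed beside a fixed-buffer variant that reports truncation instead of silently losing data. The function names fmt_alloc and fmt_fixed and the oversized input string are assumptions made for the illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical portable stand-in for asprintf(3): measure first, then
 * allocate exactly what the formatted string needs. Returns the length
 * (excluding the NUL) or -1; on failure *ret is left NULL. */
int fmt_alloc(char **ret, const char *fmt, ...)
{
    va_list ap, ap2;
    int len;
    char *buf;

    *ret = NULL;
    va_start(ap, fmt);
    va_copy(ap2, ap);
    /* Sizing pass: with a zero-length destination vsnprintf writes nothing
     * and returns the number of characters the full output would need. */
    len = vsnprintf(NULL, 0, fmt, ap);
    va_end(ap);
    if (len < 0) {              /* encoding error in fmt/args */
        va_end(ap2);
        return -1;
    }
    buf = malloc((size_t)len + 1);
    if (buf == NULL) {
        va_end(ap2);
        return -1;
    }
    /* Formatting pass into a buffer sized from the same fmt and args, so
     * the bound is exact and the write cannot exceed it. */
    vsnprintf(buf, (size_t)len + 1, fmt, ap2);
    va_end(ap2);
    *ret = buf;
    return len;
}

/* The fixed-buffer alternative: vsnprintf truncates rather than overflows,
 * but the caller has to check the return value or it silently loses data. */
int fmt_fixed(char *dst, size_t dstsz, const char *fmt, ...)
{
    va_list ap;
    int len;

    va_start(ap, fmt);
    len = vsnprintf(dst, dstsz, fmt, ap);
    va_end(ap);
    if (len < 0 || (size_t)len >= dstsz)
        return -1;              /* truncated or error: dst is not complete */
    return len;
}

int main(void)
{
    char *s;
    char small[8];
    /* Constructed input, longer than any fixed buffer below. */
    const char *user = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
    int n = fmt_alloc(&s, "user=%s id=%d", user, 42);

    if (n >= 0) {
        printf("%d bytes allocated for: %s\n", n, s);
        free(s);
    }
    if (fmt_fixed(small, sizeof small, "user=%s", user) < 0)
        printf("a fixed buffer of %zu bytes would truncate\n", sizeof small);
    return 0;
}
```

The sizing pass and the formatting pass consume the same format and the same argument list (hence the va_copy), so the length computed in the first pass is exactly the length written in the second; that is the property that makes the allocation correct by construction rather than by guessing a buffer size.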
