So this bug: https://sourceware.org/bugzilla/show_bug.cgi?id=6530
Brought to my attention the fact that %s length limiters are _characters_, not bytes. The default locale is C so it's equivalent up until you call setlocale(), and then suddenly there's heap and stack overflow possibilities all over the place.

To fix this I added a TOYFLAG_LOCALE that you have to set in a command that wants setlocale() called on the way in. It no longer happens by default when you enable CFG_I18N.

Just FYI: who would have thought that complicating the system and changing the behavior of all sorts of base library functions in subtle ways would open security holes?

Rob
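The opt-in arrangement described in the post, sketched as an added example that is not part of the original message and is not toybox's code. The command table, `run_cmd`, `record_locale` and the `CMD_NEEDS_LOCALE` bit (standing in for `TOYFLAG_LOCALE`) are hypothetical names; the dispatcher calls setlocale() only for commands that set the flag, so every other command keeps running in the "C" locale.

```c
#include <locale.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical flag bit standing in for the post's TOYFLAG_LOCALE. */
#define CMD_NEEDS_LOCALE 1u

struct cmd {
    const char *name;
    unsigned flags;
    int (*fn)(void);
};

/* Locale each command body actually ran under, recorded for inspection. */
static char seen_locale[64];

static int record_locale(void)
{
    const char *cur = setlocale(LC_CTYPE, NULL);   /* query only, no change */
    snprintf(seen_locale, sizeof seen_locale, "%s", cur ? cur : "?");
    return 0;
}

/* Constructed command table: only text_aware opts in to locale handling. */
static const struct cmd cmds[] = {
    { "bytes_only", 0,                record_locale },
    { "text_aware", CMD_NEEDS_LOCALE, record_locale },
};

/* Returns 1 if the command opted in, 0 if it ran in "C", -1 if unknown. */
static int run_cmd(const char *name)
{
    for (size_t i = 0; i < sizeof cmds / sizeof cmds[0]; i++) {
        if (strcmp(cmds[i].name, name)) continue;
        int wants = (cmds[i].flags & CMD_NEEDS_LOCALE) != 0;
        setlocale(LC_ALL, "C");            /* known byte-oriented baseline */
        if (wants) setlocale(LC_ALL, "");  /* on failure the locale stays "C" */
        cmds[i].fn();
        return wants;
    }
    return -1;
}

int main(void)
{
    const char *names[] = { "bytes_only", "text_aware" };
    for (size_t i = 0; i < 2; i++) {
        int r = run_cmd(names[i]);
        printf("%s: opted_in=%d locale=%s\n", names[i], r, seen_locale);
    }
    return 0;
}
```

The reset to "C" before each command is an assumption of this sketch so that one command's opt-in cannot leak into the next; it is not something the post describes.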
