Hi Denis,
wondering if the bug is truly in the code or if gcc is pretending there
is a problem. Can you explain a little more?
I'm surprised that gcc only sees a problem in the width handling, but
not in the immediately following prec handling which has the same issue.
Because in the width case it's rather obvious that f is at most 7 chars
past the beginning of format, which is 64 chars big. So the problem is
at best theoretical from how I read it.
Klaus
On 28.11.2016 10:11, Denis Medvedev wrote:
Dear developers,
I am proposing the following patch under MIT license. It fixes a buffer
overflow in dtprintf. That error does not allow compilation
of VirtualBox with strict gcc checks.
diff --git
a/VirtualBox/src/VBox/ExtPacks/VBoxDTrace/onnv/lib/libdtrace/common/dt_printf.c
b/VirtualBox/src/VBox/ExtPacks/VBoxDTrace/onnv/lib/libdtrace/common/dt_printf.c
index 18edcc0..906ec9b 100644
---
a/VirtualBox/src/VBox/ExtPacks/VBoxDTrace/onnv/lib/libdtrace/common/dt_printf.c
+++
b/VirtualBox/src/VBox/ExtPacks/VBoxDTrace/onnv/lib/libdtrace/common/dt_printf.c
@@ -1605,7 +1605,7 @@ dt_printf_format(dtrace_hdl_t *dtp, FILE *fp,
const dt_pfargv_t *pfv,
width = 0;
if (width != 0)
- f += snprintf(f,(((sizeof
(format)-(f-format))>0) ? sizeof(format) - (f-format):0), "%d",
ABS(width));
+ f += snprintf(f, sizeof (format) - (f - format),
"%d", ABS(width));
if (prec > 0)
f += snprintf(f, sizeof (format) - (f - format),
".%d", prec);
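Review bot: the hunk appears reversed relative to the description: the `-` line carries the bounds guard while the `+` line restores the plain `f += snprintf(f, sizeof (format) - (f - format),` form, so applied as posted it would drop the guard rather than add it; please regenerate the diff from the original tree to the patched tree. The guard as written also does not catch the case it is meant for: `sizeof (format) - (f - format)` is evaluated in size_t, so once `f` has moved past the end of `format` the difference wraps to a large value and the `> 0` test still passes; compare `(f - format) < sizeof (format)` and pass 0 as the length otherwise. Note too that snprintf returns the length that would have been written, so `f += snprintf(...)` can still advance `f` beyond the buffer on truncation, which is what gcc is objecting to, and the unchanged `if (prec > 0)` branch two lines down has the identical pattern and should be handled the same way.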
_______________________________________________
vbox-dev mailing list
vbox-dev@virtualbox.org
https://www.virtualbox.org/mailman/listinfo/vbox-dev