User "Platonides" posted a comment on MediaWiki.r93214. Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/93214#c20202 Commit summary:
Remove buffer overflow due to unchecked substring_length Changed sprintf to memcpy since the latter should be slightly more efficient. Comment: I wasn't thinking in path variable, but in lang. By providing the url http://123456789012345678901234567890123456.wikipedia.org/wiki/phising.com as input, I can get replacement_url overwritten to 9099 (with -O0). The (\w+) in the regex saves the day in this specific case (you can't create a url nor use %), but don't relay on it. _______________________________________________ MediaWiki-CodeReview mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
