bug#7213: [PATCH] sort: fix buffer overrun on 32-bit hosts when warning
From: Pádraig Brady
Subject: bug#7213: [PATCH] sort: fix buffer overrun on 32-bit hosts when warning re obsolete keys
Date: Thu, 14 Oct 2010 11:27:24 +0100
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.8) Gecko/20100227 Thunderbird/3.0.3
Ah I wasn't aware anytostr put the numbers at the end of the buffer.
That's confirmed by replacing the tmp buffer with one on the heap
and running:
$ valgrind ./src/sort --debug +0 -1 /dev/null
==25943== Memcheck, a memory error detector.
==25943== Invalid write of size 1
==25943== at 0x8051F25: umaxtostr (anytostr.c:34)
==25943== by 0x8050D95: main (sort.c:2336)
==25943== Address 0x4026f64 is 9 bytes after a block of size 11 alloc'd
On 14/10/10 08:12, Paul Eggert wrote:
> * src/sort.c (key_warnings): Local buffer should be of size
> INT_BUFSIZE_BOUND (uintmax_t), not INT_BUFSIZE_BOUND (sword).
> This bug was discovered by running 'make check' on a 32-bit
> Solaris 8 sparc host, using Sun cc.
So the test failed due to buffer overrun side effects?
thanks!
Pádraig.
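
Added example, not part of the original message and not gnulib or coreutils code: a simplified re-creation of a right-to-left integer formatter, showing why the caller's buffer must be sized for the converter's type (uintmax_t) rather than for the type of the value passed in. Assumptions: STRLEN_BOUND, BUFSIZE_BOUND, overrun_distance and umaxtostr_checked are hypothetical names, uint32_t stands in for a 32-bit sword (which matches the 11-byte block in the valgrind output above), and uintmax_t is 64 bits wide.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for gnulib's INT_STRLEN_BOUND / INT_BUFSIZE_BOUND,
   valid for unsigned types only: max decimal digits, then digits + NUL.  */
#define STRLEN_BOUND(t) ((sizeof (t) * CHAR_BIT * 146 + 484) / 485)
#define BUFSIZE_BOUND(t) (STRLEN_BOUND (t) + 1)

/* The converter's first write (the NUL) lands at a fixed offset set by its
   type, not by the value.  Returns how many bytes after the end of a
   BUFSIZE-byte buffer that write falls, or -1 if it stays inside.  */
static int
overrun_distance (size_t bufsize)
{
  size_t off = STRLEN_BOUND (uintmax_t);
  return off < bufsize ? -1 : (int) (off - bufsize);
}

/* Checked right-to-left conversion: refuses a buffer smaller than the
   bound for uintmax_t instead of writing past it.  Returns a pointer to
   the first digit inside BUF, or NULL.  */
static char *
umaxtostr_checked (uintmax_t i, char *buf, size_t bufsize)
{
  if (bufsize < BUFSIZE_BOUND (uintmax_t))
    return NULL;
  char *p = buf + STRLEN_BOUND (uintmax_t);
  *p = '\0';
  do
    *--p = (char) ('0' + i % 10);
  while ((i /= 10) != 0);
  return p;
}

int
main (void)
{
  char small[BUFSIZE_BOUND (uint32_t)];   /* 11 bytes: the undersized case */
  char right[BUFSIZE_BOUND (uintmax_t)];  /* 21 bytes: the corrected size */
  printf ("small=%zu right=%zu first write is %d bytes after small\n",
          sizeof small, sizeof right, overrun_distance (sizeof small));
  printf ("small: %s\n",
          umaxtostr_checked (1, small, sizeof small) ? "ok" : "rejected");
  printf ("right: %s\n", umaxtostr_checked (1, right, sizeof right));
  return 0;
}
```

Even a one-digit value triggers the out-of-bounds write in the undersized case, because the terminating NUL is stored at the type's maximum offset before any digit is written.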