[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
FYI: fix possible write beyond array bound in trim
|
From: |
Ralf Wildenhues |
|
Subject: |
FYI: fix possible write beyond array bound in trim |
|
Date: |
Sat, 1 Sep 2007 12:50:13 +0200 |
|
User-agent: |
Mutt/1.5.13 (2006-08-11) |
If libltdl reads a .la file that was manually modified to contain
trailing junk after variable settings with singly-quoted right hand
side, the trim function writes beyond the end of an allocated string.
Fixed in both branches with the patches below.
Cheers,
Ralf
HEAD:
2007-09-01 Ralf Wildenhues <address@hidden>
* libltdl/ltdl.c (trim): Fix possible write beyond array bound.
Index: libltdl/ltdl.c
===================================================================
RCS file: /cvsroot/libtool/libtool/libltdl/ltdl.c,v
retrieving revision 1.262
diff -u -r1.262 ltdl.c
--- libltdl/ltdl.c 1 Sep 2007 10:43:28 -0000 1.262
+++ libltdl/ltdl.c 1 Sep 2007 10:47:57 -0000
@@ -989,7 +989,7 @@
return 1;
memcpy(tmp, &str[1], (end - str) - 1);
- tmp[len-3] = LT_EOS_CHAR;
+ tmp[(end - str) - 1] = LT_EOS_CHAR;
*dest = tmp;
}
else
branch-1-5:
2007-09-01 Ralf Wildenhues <address@hidden>
* libltdl/ltdl.c (trim): Fix possible write beyond array bound.
Index: libltdl/ltdl.c
===================================================================
RCS file: /cvsroot/libtool/libtool/libltdl/ltdl.c,v
retrieving revision 1.174.2.30
diff -u -r1.174.2.30 ltdl.c
--- libltdl/ltdl.c 1 Sep 2007 08:14:04 -0000 1.174.2.30
+++ libltdl/ltdl.c 1 Sep 2007 10:48:25 -0000
@@ -3043,7 +3043,7 @@
return 1;
strncpy(tmp, &str[1], (end - str) - 1);
- tmp[len-3] = LT_EOS_CHAR;
+ tmp[(end - str) - 1] = LT_EOS_CHAR;
*dest = tmp;
}
else
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- FYI: fix possible write beyond array bound in trim,
Ralf Wildenhues <=