bug#8683: printf out-of-bounds memory access

bug-coreutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#8683: printf out-of-bounds memory access

From:	Paul Marinescu
Subject:	bug#8683: printf out-of-bounds memory access
Date:	Tue, 17 May 2011 16:31:40 +0100
User-agent:	Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101208 Thunderbird/3.1.7

In coreutils 8.12 (latest), printf can make an out-of-bounds access whenan integer argument consists only of a single or double quote.

The printf spec mentions that an integer argument consisting of asingle/double quote followed by a character is interpreted as the ASCIIvalue of that character. However, when the quote is alone, the code inthe STRTOX macro (printf.c:171) goes beyond the buffer associated withthe argument.


Possible fix: report an error at printf.c:166 if ch is 0.


Paul

[Prev in Thread]

Current Thread

[Next in Thread]

bug#8683: printf out-of-bounds memory access, Paul Marinescu <=
- bug#8683: printf out-of-bounds memory access, Pádraig Brady, 2011/05/17
  - bug#8683: printf out-of-bounds memory access, Pádraig Brady, 2011/05/17

Prev by Date: bug#8676: ls --si --human-readable, MB vs M
Next by Date: bug#8683: printf out-of-bounds memory access
Previous by thread: bug#8676: ls --si --human-readable, MB vs M
Next by thread: bug#8683: printf out-of-bounds memory access
Index(es):
- Date
- Thread