[sr #104303] format in m4
From: Eric Blake
Subject: [sr #104303] format in m4
Date: Thu, 29 Jun 2006 13:37:41 -0000
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4
Update of sr #104303 (project m4):
Priority: 5 - Normal => 7 - High
Severity: 3 - Normal => 6 - Security
Status: None => Confirmed
Assigned to: None => ericb
_______________________________________________________
Follow-up Comment #1:
Confirmed. Depending on whether configure detected ecvt (which POSIX has
declared obsolete), we are either using ecvt to format ourselves (with the
risk of doing it wrong, as you demonstrated), or overflowing a buffer and
allowing execution of arbitrary code by letting sprintf do the formatting.
m4 1.4.5 will have a fix for this issue.
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/support/?func=detailitem&item_id=104303>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
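
The sprintf failure mode described in the message above, shown from the defensive side as an added example. This is not m4's code and not the fix shipped in m4 1.4.5; the function names and the 256-byte `SCRATCH_SIZE` are assumptions made for illustration. The output length is measured first and the buffer is sized from that measurement, so neither a large width nor a large value can write past the end.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical fixed scratch size, for comparison only; not m4's actual value. */
#define SCRATCH_SIZE 256

/* Bytes (excluding the NUL) that "%*.*f" would produce, or -1 on error.
   snprintf with a NULL buffer and size 0 only measures; it writes nothing. */
int formatted_len(int width, int prec, double value)
{
    return snprintf(NULL, 0, "%*.*f", width, prec, value);
}

/* 1 if sprintf into a SCRATCH_SIZE buffer would write past its end. */
int would_overflow_scratch(int width, int prec, double value)
{
    int n = formatted_len(width, prec, value);
    return n < 0 || (size_t)n >= SCRATCH_SIZE;
}

/* Format into a heap buffer sized from the measurement. Caller frees. */
char *format_double(int width, int prec, double value)
{
    int n = formatted_len(width, prec, value);
    if (n < 0)
        return NULL;
    char *buf = malloc((size_t)n + 1);
    if (buf == NULL)
        return NULL;
    if (snprintf(buf, (size_t)n + 1, "%*.*f", width, prec, value) != n) {
        free(buf);
        return NULL;
    }
    return buf;
}

int main(void)
{
    /* Constructed inputs: a modest request and an oversized width. */
    char *a = format_double(8, 2, 3.14159);
    char *b = format_double(1000, 2, 3.14159);
    if (a && b)
        printf("[%s] big len=%zu overflow=%d\n", a, strlen(b),
               would_overflow_scratch(1000, 2, 3.14159));
    free(a);
    free(b);
    return 0;
}
```

Note that the value alone can exceed a fixed buffer: `1e300` formatted with `%f` and zero precision is 301 digits long even when no width is requested.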