This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: [PATCH] vfprintf: validate nargs and maybe allocate from heap


Hi Paul,

On Mon, Feb 06, 2012 at 12:39:23AM -0800, Paul Eggert wrote:
> One more thing.  Aren't there similar integer or stack overflow problems
> in other parts of the vfprintf.c code?  E.g.:

Yeah, my intention is to examine the rest of the code for similar issues.

>             specs = extend_alloca (specs, nspecs_size, 2 * nspecs_size);

This one in particular I've looked at and have mostly convinced myself that
it is okay, since it must constantly copy the previous memory into the
newly allocated region.

> (This is not an exhaustive list.)  I'm not asking you to fix all
> of them right now, just for whether you think these other things
> need fixing too.

I'll want to look closer, for more than just simple overflow, but haven't
yet.

-Kees

-- 
Kees Cook                                            @outflux.net
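The discipline the subject line refers to, "validate nargs and maybe allocate from heap", in a worked form. This is an added example written for this archive page; it is not glibc code and not the patch being discussed, and none of it is Kees's or Paul's. The function and type names are hypothetical, the stack threshold is an assumed value standing in for glibc's own limit, and the inputs are constructed. It shows the two distinct failure modes a bare `alloca(nargs * sizeof(x))` has when `nargs` is attacker-influenced: the multiplication can wrap `size_t` so the region is far smaller than the loop that fills it assumes, and a large but honest size can move the stack pointer past the guard page. The first is handled by rejecting the request outright, the second by falling back to the heap.

```c
#include <alloca.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Added example (not glibc code): the sizing discipline behind
 * "validate nargs and maybe allocate from heap". Every name here is
 * hypothetical; the limit below stands in for glibc's own stack-use
 * threshold and is an assumption. */
#define SCRATCH_STACK_LIMIT 4096

enum scratch_plan { PLAN_REJECT, PLAN_STACK, PLAN_HEAP };

/* Decide how nargs * elem_size bytes of scratch space may be obtained.
 * PLAN_REJECT: the product wrapped size_t, so alloca(nargs * elem_size)
 * would have handed back a tiny region that the later per-argument loop
 * overruns. PLAN_HEAP: the size is honest but too large to park on the
 * stack, where a single alloca could move the stack pointer past the
 * guard page. PLAN_STACK: small and validated, alloca is acceptable. */
static enum scratch_plan
plan_scratch(size_t nargs, size_t elem_size, size_t *bytes)
{
    if (elem_size != 0 && nargs > SIZE_MAX / elem_size) {
        *bytes = 0;
        return PLAN_REJECT;
    }
    *bytes = nargs * elem_size;
    return *bytes <= SCRATCH_STACK_LIMIT ? PLAN_STACK : PLAN_HEAP;
}

/* A printf-like consumer: each of the nargs positional references idx[i]
 * selects a value from vals[], and each selected value is first copied into
 * a scratch slot, much as vfprintf fills a per-argument table. Returns the
 * sum of the selected values, or -1 if the request was rejected or the heap
 * allocation failed. Out-of-range references contribute 0 rather than
 * reading past vals[]. */
static long
sum_selected(const long *vals, size_t nvals, const size_t *idx, size_t nargs)
{
    size_t bytes;
    long *scratch = NULL;
    int on_heap = 0;

    switch (plan_scratch(nargs, sizeof *scratch, &bytes)) {
    case PLAN_REJECT:
        return -1;
    case PLAN_STACK:
        scratch = alloca(bytes);   /* in this frame, only after validation */
        break;
    case PLAN_HEAP:
        scratch = malloc(bytes);
        if (scratch == NULL)
            return -1;
        on_heap = 1;
        break;
    }

    long total = 0;
    for (size_t i = 0; i < nargs; i++) {
        scratch[i] = idx[i] < nvals ? vals[idx[i]] : 0;
        total += scratch[i];
    }
    if (on_heap)
        free(scratch);
    return total;
}

/* Constructed inputs exercising each path. */
static const long sample_vals[4] = { 1, 2, 3, 4 };

/* 5 references: 40 bytes, stays on the stack. Reference 9 is out of range. */
static long demo_stack_path(void)
{
    static const size_t idx[5] = { 3, 3, 0, 1, 9 };
    return sum_selected(sample_vals, 4, idx, 5);    /* 4+4+1+2+0 = 11 */
}

/* 1000 references: 8000 bytes on LP64, over the limit, so it goes to the heap. */
static long demo_heap_path(void)
{
    size_t idx[1000];
    for (size_t i = 0; i < 1000; i++)
        idx[i] = i % 4;
    return sum_selected(sample_vals, 4, idx, 1000); /* 250 * (1+2+3+4) = 2500 */
}

/* nargs so large that nargs * sizeof(long) wraps: rejected before any
 * allocation and before idx is ever touched. */
static long demo_overflow_path(void)
{
    return sum_selected(sample_vals, 4, NULL, SIZE_MAX);
}

int main(void)
{
    printf("stack: %ld heap: %ld overflow: %ld\n",
           demo_stack_path(), demo_heap_path(), demo_overflow_path());
    return 0;
}
```

The check and the allocation decision live in one place so that every scratch array in a format routine can go through it; the caller still owns the `alloca` because the memory must belong to the frame that uses it, which is also why a growth step such as the `extend_alloca` doubling mentioned above has to copy the old contents into the new region.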

