printf has an alloca that can overflow the stack when there are many format specifiers in a format string, as illustrated by the following testcase:

    int ret = snprintf (output, LIMIT + 1, fmtstr, 0);

The followup discusses other possible overflows there, though the stack would overflow first so they don't need considering until the use of the stack for large allocations is resolved.

* has an assertion that the alloca is OK (which I disagree with on the first principle above regarding avoiding stack overflow, whether or not it is exploitable).

* has a patch (which I have not tested), although it includes an excessively large testcase when something like the above generating the format string at runtime would seem better.

I'm not asserting here whether it is or is not a security issue, but on general principles all glibc functions should bound their stack usage to avoid stack overflows with large but valid arguments, since stack overflows don't result in useful error reporting.
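The bound the post asks for can also be enforced on the caller's side when format strings are built at runtime. The following C is an added example, not code from the thread or from glibc: it counts the conversion specifications in a format string and refuses to pass an over-long one to vsnprintf. The MAX_CONVERSIONS value and the helper names are assumptions chosen for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical per-call bound on conversion specifications (an assumption). */
#define MAX_CONVERSIONS 256

/* Count conversion specifications in fmt. "%%" is a literal and is not
   counted; a '%' with no conversion character is malformed and yields -1. */
int count_conversions(const char *fmt)
{
    int n = 0;
    for (const char *p = fmt; *p != '\0'; p++) {
        if (*p != '%' || *++p == '%')
            continue;                        /* literal text or "%%" */
        /* skip flags, width, precision, positional and length modifiers */
        while (*p != '\0' && strchr("-+ #'0123456789.*$hlLqjzt", *p))
            p++;
        if (*p == '\0')
            return -1;                       /* dangling or truncated spec */
        n++;
    }
    return n;
}

/* snprintf wrapper that rejects formats over the bound before vsnprintf runs,
   so a runtime-built format string cannot drive unbounded per-specifier stack use. */
int bounded_snprintf(char *out, size_t size, const char *fmt, ...)
{
    int n = count_conversions(fmt);
    if (n < 0 || n > MAX_CONVERSIONS)
        return -1;
    va_list ap;
    va_start(ap, fmt);
    int ret = vsnprintf(out, size, fmt, ap);
    va_end(ap);
    return ret;
}

/* Constructed test input: spec repeated n times, e.g. "%d" x 300. */
int count_repeated(const char *spec, int n)
{
    char buf[4096] = "";
    size_t len = strlen(spec);
    if ((size_t)n * len >= sizeof buf)
        return -2;
    for (int i = 0; i < n; i++)
        memcpy(buf + (size_t)i * len, spec, len + 1); /* copies the NUL too */
    return count_conversions(buf);
}
```

A rejected format returns -1 without any formatting having taken place, so the caller can log the oversized format length instead of relying on a stack overflow to report the problem.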