FreeBSD Bugzilla – Attachment 159080 Details for
Bug 201657
Buffer overflow in libdtrace
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Possible fix
libdtrace-cid1018005.diff (text/plain), 1.19 KB, created by
Pedro F. Giffuni
on 2015-07-22 18:49:34 UTC
(
hide
)
Description:
Possible fix
Filename:
MIME Type:
Creator:
Pedro F. Giffuni
Created:
2015-07-22 18:49:34 UTC
Size:
1.19 KB
patch
obsolete
>Index: cddl/contrib/opensolaris/lib/libdtrace/common/dt_printf.c >=================================================================== >--- cddl/contrib/opensolaris/lib/libdtrace/common/dt_printf.c (revision 285796) >+++ cddl/contrib/opensolaris/lib/libdtrace/common/dt_printf.c (working copy) >@@ -1348,6 +1348,7 @@ > dtrace_aggdesc_t *agg; > caddr_t lim = (caddr_t)buf + len, limit; > char format[64] = "%"; >+ size_t ret; > int i, aggrec, curagg = -1; > uint64_t normal; > >@@ -1380,6 +1381,7 @@ > int rval; > > char *f = format + 1; /* skip initial '%' */ >+ size_t fmtsz = sizeof (format) -1; > const dtrace_recdesc_t *rec; > dt_pfprint_f *func; > caddr_t addr; >@@ -1558,11 +1560,17 @@ > if (func == pfprint_stack && (pfd->pfd_flags & DT_PFCONV_LEFT)) > width = 0; > >- if (width != 0) >- f += snprintf(f, sizeof (format), "%d", ABS(width)); >+ if (width != 0) { >+ ret = snprintf(f, fmtsz, "%d", ABS(width)); >+ f += ret; >+ fmtsz = MAX(0, fmtsz - ret); >+ } > >- if (prec > 0) >- f += snprintf(f, sizeof (format), ".%d", prec); >+ if (prec > 0) { >+ ret = snprintf(f, fmtsz, ".%d", prec); >+ f += ret; >+ fmtsz = MAX(0, fmtsz - ret); >+ } > > (void) strcpy(f, pfd->pfd_fmt); > pfd->pfd_rec = rec;
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=159080">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 201657
: 159080