| Summary: | Out-of-bounds read in wcslcat(3) | | |
|---|---|---|---|
| Product: | Base System | Reporter: | Alexander Cherepanov <cherepan> |
| Component: | bin | Assignee: | Brooks Davis <brooks> |
| Status: | Closed FIXED | | |
| Severity: | Affects Some People | CC: | brooks |
| Priority: | --- | Keywords: | patch |
| Version: | CURRENT | Flags: | brooks: mfc-stable10+, brooks: mfc-stable9+ |
| Hardware: | Any | | |
| OS: | Any | | |
| Attachments: | | | |

Description
Alexander Cherepanov
2016-01-12 22:43:51 UTC
Created attachment 165470
Patch

Great catch! I'll get this committed.

A commit references this bug:

Author: brooks
Date: Wed Jan 13 21:50:09 UTC 2016
New revision: 293856
URL: https://svnweb.freebsd.org/changeset/base/293856

Log:
Avoid reading past the end of the source buffer when it is not NUL terminated. If this buffer is adjacent to an unmapped page or a version of C with bounds checked is used this may result in a crash.

PR: 206178
Submitted by: Alexander Cherepanov <cherepan@mccme.ru>
MFC after: 1 week

Changes:
head/lib/libc/string/wcslcat.c

A commit references this bug:

Author: brooks
Date: Wed Jan 20 19:26:05 UTC 2016
New revision: 294455
URL: https://svnweb.freebsd.org/changeset/base/294455

Log:
MFC r293856: Avoid reading past the end of the source buffer when it is not NUL terminated. If this buffer is adjacent to an unmapped page or a version of C with bounds checked is used this may result in a crash.

PR: 206178
Submitted by: Alexander Cherepanov <cherepan@mccme.ru>

Changes:
_U stable/10/
stable/10/lib/libc/string/wcslcat.c

A commit references this bug:

Author: brooks
Date: Wed Jan 20 19:56:44 UTC 2016
New revision: 294457
URL: https://svnweb.freebsd.org/changeset/base/294457

Log:
MFC r293856: Avoid reading past the end of the source buffer when it is not NUL terminated. If this buffer is adjacent to an unmapped page or a version of C with bounds checked is used this may result in a crash.

PR: 206178
Submitted by: Alexander Cherepanov <cherepan@mccme.ru>

Changes:
_U stable/9/lib/libc/
stable/9/lib/libc/string/wcslcat.c

A commit references this bug:

Author: brooks
Date: Fri Jan 22 00:13:18 UTC 2016
New revision: 294538
URL: https://svnweb.freebsd.org/changeset/base/294538

Log:
MFC r293856: Avoid reading past the end of the source buffer when it is not NUL terminated. If this buffer is adjacent to an unmapped page or a version of C with bounds checked is used this may result in a crash.

PR: 206178
Submitted by: Alexander Cherepanov <cherepan@mccme.ru>
Requested by: danfe

Changes:
_U stable/8/lib/libc/
stable/8/lib/libc/string/wcslcat.c
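
The failure mode named in the commit log above, as an added example (not FreeBSD's code and not the attached patch, which this page does not show): a bounded scan of a wide-character buffer that holds no terminator, with the length test placed before the dereference, exercised on a buffer that ends exactly at an unmapped page. `bounded_wcslen`, `overreading_wcslen` and `scan_at_guard_page` are hypothetical names, and the guard-page setup assumes a POSIX system with `mmap` and `mprotect`.

```c
#define _DEFAULT_SOURCE 1 /* MAP_ANONYMOUS on glibc */
#include <sys/mman.h>
#include <unistd.h>
#include <wchar.h>

/* Hypothetical helper: elements before the first L'\0', examining at most siz.
 * The bound is tested BEFORE the dereference, so buf[siz] is never read. */
size_t bounded_wcslen(const wchar_t *buf, size_t siz)
{
    size_t i = 0;
    while (i < siz && buf[i] != L'\0')
        i++;
    return i;
}

/* Tests swapped, for contrast: with no terminator in the first siz elements,
 * the last iteration reads buf[siz], one element out of bounds. */
size_t overreading_wcslen(const wchar_t *buf, size_t siz)
{
    size_t i = 0;
    while (buf[i] != L'\0' && i < siz)
        i++;
    return i;
}

/* Put `count` non-NUL elements directly in front of a PROT_NONE page and scan
 * them; an over-read would fault. Returns (size_t)-1 if setup fails. */
size_t scan_at_guard_page(size_t count)
{
    long pg = sysconf(_SC_PAGESIZE);
    if (pg <= 0 || count == 0 || count > (size_t)pg / sizeof(wchar_t))
        return (size_t)-1;
    size_t page = (size_t)pg, len = (size_t)-1;
    unsigned char *base = mmap(NULL, 2 * page, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED)
        return (size_t)-1;
    if (mprotect(base + page, page, PROT_NONE) == 0) {
        wchar_t *buf = (wchar_t *)(void *)(base + page) - count;
        for (size_t i = 0; i < count; i++)
            buf[i] = L'A'; /* constructed sample data, no terminator */
        len = bounded_wcslen(buf, count);
    }
    munmap(base, 2 * page);
    return len;
}

int main(void) { return scan_at_guard_page(8) == 8 ? 0 : 1; }
```

Building the same file with `-fsanitize=address` and calling `overreading_wcslen` on an unterminated heap buffer is another way to surface the one-element over-read during testing.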