lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 11 Jan 2007 16:20:15 +0100 From: Thomas <tom@...ctric-sheep.org> To: full-disclosure@...ts.grok.org.uk Subject: Re: new class of printf issue: int overflow > > > But that got me thinking. *printf return an int, and it's supposed to > > > be the number of chars written. So a typical idiom is > > > > > > size_t memory_needed=snprintf(NULL,0,format_string,...); > > > char* ptr=malloc(memory_needed+1); > > > sprintf(ptr,format_string,...); > > This is nothing new. > > It is documented in the man-page and in the libc sources. > > What is documented in what man page? Neither the Linux man page nor the > SUSv3 say anything about integer overflows and what sprintf should > return in that case. > > And, uh, glibc does not handle the issue, so the libc code does not > document anything either. returning a negative value. > Felix -- Tom <tom@...ctric-sheep.org> fingerprint = F055 43E5 1F3C 4F4F 9182 CD59 DBC6 111A 8516 8DBF _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists