misc/62694: [PATCH] /usr/src/lib/libc/locale/ldpart.c buffer overflow
David Schultz
das at FreeBSD.ORG
Sat Apr 24 23:30:26 PDT 2004
The following reply was made to PR misc/62694; it has been noted by GNATS.
From: David Schultz <das at FreeBSD.ORG>
To: moulin p <moulin.p at calyopea.com>
Cc: phantom at FreeBSD.ORG, ache at FreeBSD.ORG, freebsd-gnats-submit at FreeBSD.ORG
Subject: Re: misc/62694: [PATCH] /usr/src/lib/libc/locale/ldpart.c buffer overflow
Date: Sat, 24 Apr 2004 23:21:45 -0700
On Wed, Feb 11, 2004, moulin p wrote:
> in /usr/src/lib/libc/locale/ldpart.c
> - *locale_buf was tested without first checking whether locale_buf
> was NULL or not => sigvec under certain circumstances.
If you look at the callers of this (private) function, you'll
notice that this can't happen. Although locale_buf can be a
pointer to NULL, it is never NULL itself.
> - a strchr was used on a non-'\0'-terminated buffer => crash
This appears to be a legitimate concern. Moreover, it appears
that split_lines() may write a '\0' one byte beyond the end of the
buffer. I've CC'd the original author and ache@, and hopefully
one of them will take care of the problems.
> in /usr/src/lib/libc/locale/srune.c (with gcc's -Werror flag)
> - memcpy needs <string.h> to be properly prototyped.
>
> in /usr/src/lib/libc/locale/wcstold.c (with gcc's -Werror flag)
> - two unused variables.
It looks like these were already fixed.
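The two defects raised above (strchr() run over a buffer that carries no '\0', and a terminator written one byte past the end) both go away once the splitter carries explicit lengths instead of relying on a terminator. The following is an added example written for this note, not FreeBSD's ldpart.c; split_lines_bounded, line_find and the sample buffer are hypothetical names.

```c
#include <stddef.h>
#include <string.h>
/* A line is a (pointer, length) pair, so no '\0' terminator is ever required. */
struct line { const char *start; size_t len; };

/* Split buf[0..len) into lines. Every scan is bounded by len via memchr(),
 * the buffer is never modified, and nothing is read or written at or past
 * buf + len. Returns the number of lines stored (at most max_lines). */
static size_t
split_lines_bounded(const char *buf, size_t len, struct line *out, size_t max_lines)
{
    size_t n = 0;
    const char *p = buf, *end = buf + len;
    while (p < end && n < max_lines) {
        const char *nl = memchr(p, '\n', (size_t)(end - p));
        const char *stop = nl != NULL ? nl : end;
        out[n].start = p;
        out[n].len = (size_t)(stop - p);
        n++;
        if (nl == NULL)
            break;      /* final line has no '\n': it ends at end, not at a '\0' */
        p = nl + 1;
    }
    return n;
}

/* Bounded counterpart of strchr(): searches only the line's own bytes. */
static const char *
line_find(const struct line *l, int c)
{
    return memchr(l->start, c, l->len);
}

/* Constructed sample: seven bytes with no room for a '\0', as if a file had
 * been read into a buffer of exactly its size (hypothetical input). */
static const char sample[] = { 'a', '=', '1', '\n', 'b', '=', '2' };

static size_t demo_line_count(void)
{
    struct line ls[4];
    return split_lines_bounded(sample, sizeof sample, ls, 4);
}

/* Offset of '=' within the last line, or -1 if absent. */
static long demo_eq_offset_last_line(void)
{
    struct line ls[4];
    size_t n = split_lines_bounded(sample, sizeof sample, ls, 4);
    const char *eq = n > 0 ? line_find(&ls[n - 1], '=') : NULL;
    return eq != NULL ? (long)(eq - ls[n - 1].start) : -1;
}
```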