ports/70699: Typo in ports/devel/libedit, possible buffer overflow in libedit/history.c:history_save()
Sergey S. Kostyliov
rathamahata at ehouse.ru
Sat Aug 21 16:30:30 UTC 2004
The following reply was made to PR ports/70699; it has been noted by GNATS.
From: "Sergey S. Kostyliov" <rathamahata at ehouse.ru>
To: freebsd-gnats-submit at FreeBSD.org, rathamahata at ehouse.ru
Cc:
Subject: Re: ports/70699: Typo in ports/devel/libedit, possible buffer overflow in libedit/history.c:history_save()
Date: Sat, 21 Aug 2004 20:24:20 +0400
Otto Moerbeek <otto at drijf.net>
has just pointed out that the:
max_size = (len + 1023) & ~1023;
patch is not enough (see http://www.sigmasoft.com/cgi-bin/wilma_hiliter/openbsd-bugs/200408/msg00092.html)
"... If
len is a multiple of 1024,
max_size = (len + 1023) & ~1023;
wil not increase it. Should probably be
max_size = (len + 1024) & ~1023;"
It looks like his statement is correct and either his patch or something like:
http://www.sigmasoft.com/cgi-bin/wilma_hiliter/openbsd-bugs/200408/msg00096.html
(which is a bit more intrusive but seems more self documented to me) is needed.
--
Sergey S. Kostyliov <rathamahata at ehouse.ru>
Jabber ID: rathamahata at jabber.org
More information about the freebsd-ports-bugs
mailing list