[gs-bugs] [Bug 690829] buffer overflow in errprintf
bugs.ghostscript.com-bugzilla-daemon at ghostscript.com
Fri Oct 23 16:39:57 PDT 2009
http://bugs.ghostscript.com/show_bug.cgi?id=690829
------- Additional Comments From alex.cherepanov at artifex.com 2009-10-23 16:39 -------
I think that the current implementation of errprintf() and outprintf()
is a security hole. It's quite easy to smash the stack using a long message.
First, we can use vsnprintf() to truncate long messages.
Second, it's possible to write a subroutine that either
- estimates the print size and allocates a buffer
- or writes the long messages in parts.
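
The first two remedies proposed in the comment above (truncating with vsnprintf(), and estimating the print size before allocating), as an added example that is not part of the original bug comment and is not Ghostscript's code. The function names are hypothetical and C99 vsnprintf() semantics are assumed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Remedy 1: bounded formatting into a caller-supplied buffer.
 * Returns 1 if the message was truncated, 0 if it fit, -1 on error.
 * (Hypothetical helper, not a Ghostscript function.) */
int msg_format_truncate(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    int need;

    va_start(ap, fmt);
    need = vsnprintf(buf, size, fmt, ap);  /* writes at most size-1 chars + NUL */
    va_end(ap);
    if (need < 0)
        return -1;
    return (size_t)need >= size;           /* need is the untruncated length */
}

/* Remedy 2: estimate the print size, then allocate. Caller frees the result.
 * (Hypothetical helper, not a Ghostscript function.) */
char *msg_format_alloc(const char *fmt, ...)
{
    va_list ap, ap2;
    int need;
    char *out = NULL;

    va_start(ap, fmt);
    va_copy(ap2, ap);                      /* each formatting pass consumes a list */
    need = vsnprintf(NULL, 0, fmt, ap);    /* C99: measure only, write nothing */
    va_end(ap);
    if (need >= 0 && (out = malloc((size_t)need + 1)) != NULL)
        vsnprintf(out, (size_t)need + 1, fmt, ap2);
    va_end(ap2);
    return out;
}

/* Constructed input: a 100-character argument formatted into a 32-byte buffer. */
int demo_truncated_len(void)
{
    char buf[32], arg[101];

    memset(arg, 'A', 100);
    arg[100] = '\0';
    if (msg_format_truncate(buf, sizeof buf, "error: %s\n", arg) != 1)
        return -1;
    return (int)strlen(buf);               /* stays inside the 32-byte buffer */
}
```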