[tlbuild] Possible overflow in line 274 in texk/upmendex/convert.c
Dr. Werner Fink
werner at suse.de
Wed Apr 22 08:24:07 CEST 2020
Hi,
the errbuff2 of size BUFFERLEN writes into errbuff also of size BUFFERLEN
but the size of the format string surrounding the %s is missed. Found
by fortify on ppc64/ppc64le.
Werner
--
"Having a smoking section in a restaurant is like having
a peeing section in a swimming pool." -- Edward Burr
-------------- next part --------------
--- texk/upmendex/convert.c
+++ texk/upmendex/convert.c 2020-04-22 06:10:54.285427585 +0000
@@ -187,7 +187,7 @@ static int dcomp(const void *bf1, const
int convert(UChar *buff1, UChar *buff2)
{
int i=0,j=0,k;
- char errbuff[BUFFERLEN],errbuff2[BUFFERLEN];
+ char errbuff[BUFFERLEN+42],errbuff2[BUFFERLEN];
int wclen;
UChar buff3[3];
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 894 bytes
Desc: not available
URL: <https://tug.org/pipermail/tlbuild/attachments/20200422/0c674db6/attachment.sig>
More information about the tlbuild
mailing list.