Date: Sat, 10 Oct 2009 19:19:04 GMT
From: Bruce Cran <bruce@cran.org.uk>
To: freebsd-gnats-submit@FreeBSD.org
Subject: bin/139492: pkg_install - overlapping data buffer in call to snprintf
Message-ID: <200910101919.n9AJJ4ZR039107@www.freebsd.org>
Resent-Message-ID: <200910101920.n9AJK1eY078179@freefall.freebsd.org>

>Number:         139492
>Category:       bin
>Synopsis:       pkg_install - overlapping data buffer in call to snprintf
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Oct 10 19:20:01 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Bruce Cran
>Release:        8.0-RC1
>Organization:
>Environment:
FreeBSD bsd01.localdomain 8.0-RC1 FreeBSD 8.0-RC1 #0: Thu Sep 17 20:45:19 UTC 2009 root@almedia.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386
>Description:
On line 270 of usr.sbin/pkg_install/lib/match.c there's a call to snprintf which uses an overlapping buffer:

    snprintf(tmp, PATH_MAX, "%s/%s", tmp, CONTENTS_FNAME);

According to http://www.opengroup.org/onlinepubs/000095399/functions/printf.html the results are undefined if the buffers overlap.
>How-To-Repeat:
Install devel/cppcheck and run it in usr.sbin/pkg_install
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
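
One way to avoid the overlap described in the report, as an added example that is not part of the original message or of the FreeBSD source: append to the unused tail of the buffer so that no argument aliases the destination, and treat truncation as an error. The helper name path_append, the value given to CONTENTS_FNAME and the sample path are assumptions made for illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

#ifndef PATH_MAX
#define PATH_MAX 1024
#endif

/* Assumed value for illustration; the report only names the macro. */
#define CONTENTS_FNAME "+CONTENTS"

/*
 * Pattern from the report (undefined behaviour, kept as a comment only):
 *     snprintf(tmp, PATH_MAX, "%s/%s", tmp, CONTENTS_FNAME);
 * tmp is both the destination and a %s source, so the objects overlap.
 */

/*
 * Hypothetical helper: append "/<name>" to the path already held in buf.
 * Output goes only to the unused tail of buf, so no source overlaps it.
 * Returns 0 on success, -1 if buf is unterminated or the result would
 * not fit; on failure the original contents of buf are preserved.
 */
int
path_append(char *buf, size_t bufsz, const char *name)
{
	const char *end = memchr(buf, '\0', bufsz);
	size_t used, room;
	int n;

	if (end == NULL)
		return -1;		/* no NUL within bufsz bytes */
	used = (size_t)(end - buf);
	room = bufsz - used;		/* includes space for the NUL */
	n = snprintf(buf + used, room, "/%s", name);
	if (n < 0 || (size_t)n >= room) {
		buf[used] = '\0';	/* undo the truncated write */
		return -1;
	}
	return 0;
}

int
main(void)
{
	char tmp[PATH_MAX] = "/var/db/pkg/example-1.0";	/* constructed path */

	if (path_append(tmp, sizeof(tmp), CONTENTS_FNAME) != 0)
		return 1;
	puts(tmp);
	return 0;
}
```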