[Bug 6677] Buffer overflows in the msvcrt *printf family

Wine Bugs wine-bugs at winehq.org
Mon Nov 13 14:44:22 CST 2006


http://bugs.winehq.org/show_bug.cgi?id=6677





------- Additional Comments From the3dfxdude at gmail.com  2006-13-11 14:44 -------
I'm not saying that you're wrong. I'm saying that size checking is unneccesary
in pf_integer_conv as is. All that function does is return a string
representation of a 64-bit integer. It doesn't output fields, precision, or
signs, etc. If you want to see the maximum output length of the function, do
something like this:

printf("%I64u\n", (LONGLONG)-1);

If what was converted for I64u was within 40, then that is all that is necessary.

Octal is slightly different, but it's still within bounds. I know all this
because I wrote the function and I checked to see if the function's output fit
in the buffer in all cases.

-- 
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.



More information about the wine-bugs mailing list