PATCH: 1 byte overflow in msvcrt sprintf

Marcus Meissner meissner at suse.de
Sat Jul 2 03:17:34 CDT 2005


Hi,

Found by redhat fortify extensions.

Ciao, Marcus

Changelog:
	char pointer must be 11 byte to fit 10 characters + \0.

Index: dlls/msvcrt/wcs.c
===================================================================
RCS file: /home/wine/wine/dlls/msvcrt/wcs.c,v
retrieving revision 1.24
diff -u -r1.24 wcs.c
--- dlls/msvcrt/wcs.c	10 May 2005 08:27:38 -0000	1.24
+++ dlls/msvcrt/wcs.c	2 Jul 2005 08:15:33 -0000
@@ -553,7 +553,7 @@
         /* output a pointer */
         else if( flags.Format == 'p' )
         {
-            char pointer[10];
+            char pointer[11];
 
             flags.PadZero = 0;
             if( flags.Alternate )
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://www.winehq.org/pipermail/wine-patches/attachments/20050702/34b2a83e/attachment.pgp


More information about the wine-patches mailing list