Ticket #241 (closed defect: fixed)
buffer overflow in __mhl_str_concat_hlp
| Reported by: | Patrick Winnertz <winnie@…> | Owned by: | winnie |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | mc-core | Version: | 4.6.2 |
| Keywords: | committed-master committed-mc-4.6 | Cc: | |
| Blocked By: | Blocking: | ||
| Branch state: | Votes for changeset: |
Description (last modified by metux) (diff)
Hey,
There is currently a bufferoverflow in mhl_str_concat_hlp if the function is
called with more than 32 parameters.
This will fix this:
while ((a = va_arg(args, char*)) != (char*)1 && count <=31) { ... }
Attachments
Change History
comment:2 Changed 15 years ago by Patrick Winnertz
- Keywords review added
- Status changed from new to accepted
- Owner set to winnie
- Milestone changed from 4.7 to 4.6.3
Setting myself as owner.
Please have a look into branch:241_buffer_overflow
Changed 15 years ago by slyfox
- Attachment 0001-cleanup-mhl_str_concat-reduced-stack-usage-remo.patch added
apply on top of 241_ branch. cleanups code a little (removes static arrays)
Note: See
TracTickets for help on using
tickets.
This message has 0 attachment(s)