fc_vsnprintf() fallback implementation uses internal buffer of 64k (VSNP_BUF_SIZE). While secfile to save is being prepared, ioz.c might request it to handle buffer of size 8096k (PLAIN_FILE_BUF_SIZE).

Noticed while testing WIP patch for #45629 that also adds missing overflow checking to fc_vsnprintf().

Ticket History (3/5 Histories)

2022-09-22 01:20 Updated by: cazfi

New Ticket "Secfile save buffer overflow with fc_vsnprintf() fallback implementation" created

2022-09-22 01:34 Updated by: cazfi

File 0038-Increase-size-of-the-buffer-of-fc_vsnprintf-fallback.patch (File ID: 10350) is attached

2022-09-22 01:35 Updated by: cazfi

File 0025-Increase-size-of-the-buffer-of-fc_vsnprintf-fallback.patch (File ID: 10351) is attached

2022-09-22 01:35 Updated by: cazfi

Propriétaire Update from (Aucun) to cazfi
Résolution Update from Aucun to Accepted

Commentaire

Also to S2_6

2022-09-25 07:34 Updated by: cazfi

État Update from Ouvert to Atteints
Résolution Update from Accepted to Fixed

Attachment File List

0038-Increase-size-of-the-buffer-of-fc_vsnprintf-fallback.patch(1KB)
- master, S3_1
0025-Increase-size-of-the-buffer-of-fc_vsnprintf-fallback.patch(1KB)
- S3_0, S2_6

Freeciv

Ticket #45682 Liste des tickets Soumettre un nouveau ticket RSS

Secfile save buffer overflow with fc_vsnprintf() fallback implementation Date d'ouverture: 2022-09-22 01:20 Dernière mise à jour: 2022-09-25 07:34 monitor ON OFF

Détails

Ticket History (3/5 Histories) Show older Histories

2022-09-22 01:20 Updated by: cazfi

2022-09-22 01:34 Updated by: cazfi

2022-09-22 01:35 Updated by: cazfi

2022-09-22 01:35 Updated by: cazfi

Commentaire

2022-09-25 07:34 Updated by: cazfi

Attachment File List

Modifier

Ticket #45682
Liste des tickets Soumettre un nouveau ticket RSS

Secfile save buffer overflow with fc_vsnprintf() fallback implementation

Date d'ouverture: 2022-09-22 01:20 Dernière mise à jour: 2022-09-25 07:34

monitor

Ticket History (3/5 Histories)