[Uim-bugs] [Bug 11411] New: ParseComposeStringFile() is dubious
bugzilla-daemon at freedesktop.org
Thu Jun 28 13:20:15 PDT 2007
http://bugs.freedesktop.org/show_bug.cgi?id=11411
Summary: ParseComposeStringFile() is dubious
Product: UIM
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: medium
Component: bridge: GTK+
AssignedTo: uim-bugs at freedesktop.org
ReportedBy: christianbiere at gmx.de
First of all it ignores that st.st_size is off_t which is usually wider than
"long" which can result in allocating too little memory as the cast will
truncate the value. If the file is 4 GiB + 1 byte large, only 1 byte will be
allocated resulting in a buffer overflow.
However, even with proper checks in place the file can grow after fstat() and
the initial memory allocation might be insufficient resulting in a buffer
overflow again. The parsing code should be changed to take the size of the
allocated buffer into account.
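The two failure modes described in the report above (narrowing st.st_size before checking it, and trusting the fstat() size while reading) can be avoided as in the following added example. It is not uim's code and not part of the original report; the function names and the 1 MiB cap are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed policy cap for this example (1 MiB); not a value from uim. */
#define COMPOSE_MAX_BYTES ((off_t)1 << 20)

/* Validate st_size while it is still an off_t. Casting first (to long or
 * size_t) is what turns 4 GiB + 1 into 1 on targets with a 32-bit long. */
int checked_size(off_t size, size_t *out)
{
    if (size < 0 || size > COMPOSE_MAX_BYTES)
        return -1;
    *out = (size_t)size;
    return 0;
}

/* Read at most cap bytes. Data appended after fstat() is never requested,
 * so growth cannot write past the allocation. Returns bytes stored or -1. */
ssize_t read_bounded(int fd, char *buf, size_t cap)
{
    size_t used = 0;
    while (used < cap) {
        ssize_t n = read(fd, buf + used, cap - used);
        if (n < 0 && errno == EINTR)
            continue;
        if (n < 0)
            return -1;
        if (n == 0)          /* file shrank or ended early */
            break;
        used += (size_t)n;
    }
    return (ssize_t)used;
}

/* Returns a NUL-terminated copy of the file; *len is the number of bytes
 * actually stored, which is what a parser must use as its bound. */
char *load_compose_file(int fd, size_t *len)
{
    struct stat st;
    size_t cap;
    if (fstat(fd, &st) != 0 || checked_size(st.st_size, &cap) != 0)
        return NULL;
    char *buf = malloc(cap + 1);
    ssize_t n = buf ? read_bounded(fd, buf, cap) : -1;
    if (n < 0) { free(buf); return NULL; }
    buf[n] = '\0';
    *len = (size_t)n;
    return buf;
}
```

The parser should then iterate over buf[0..*len) rather than assume the buffer matches whatever size the file has at parse time.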