25 Feb 05:41
zlib gzprintf() patch
From: Solar Designer <solar@...>
Subject: zlib gzprintf() patch
Newsgroups: gmane.comp.misc.xvendor
Date: 2003-02-25 04:42:40 GMT
Subject: zlib gzprintf() patch
Newsgroups: gmane.comp.misc.xvendor
Date: 2003-02-25 04:42:40 GMT
Hi, Just thought I'd share the tiny patch that went into Owl. Attached. The lack of configure checking for vsnprintf() is intentional (I want this to not compile without a vsnprintf() anyway). The Owl change log entry is: 2003/02/25 Package: zlib Corrected a potential buffer overflow in gzprintf(), thanks to Bugtraq postings by Crazy Einstein, Richard Kettlewell, and Carlo Marcelo Arenas Belon. -- -- /sd
diff -ur zlib-1.1.4.orig/gzio.c zlib-1.1.4/gzio.c
--- zlib-1.1.4.orig/gzio.c Mon Mar 11 16:16:01 2002
+++ zlib-1.1.4/gzio.c Tue Feb 25 07:08:36 2003
@@ -529,14 +529,9 @@
int len;
va_start(va, format);
-#ifdef HAS_vsnprintf
- (void)vsnprintf(buf, sizeof(buf), format, va);
-#else
- (void)vsprintf(buf, format, va);
-#endif
(Continue reading)
RSS Feed