* [gentoo-commits] gentoo-x86 commit in media-gfx/xfig/files: xfig-3.2.5b-CVE-2010-4262.patch
@ 2010-12-20 17:45 Peter Volkov (pva)
0 siblings, 0 replies; only message in thread
From: Peter Volkov (pva) @ 2010-12-20 17:45 UTC (permalink / raw
To: gentoo-commits
pva 10/12/20 17:45:22
Added: xfig-3.2.5b-CVE-2010-4262.patch
Log:
Add patch to address stack-based buffer overflow, bug #348344, thank Tim Sammut for report. Drop old.
(Portage version: 2.1.9.25/cvs/Linux x86_64)
Revision Changes Path
1.1 media-gfx/xfig/files/xfig-3.2.5b-CVE-2010-4262.patch
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/media-gfx/xfig/files/xfig-3.2.5b-CVE-2010-4262.patch?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/media-gfx/xfig/files/xfig-3.2.5b-CVE-2010-4262.patch?rev=1.1&content-type=text/plain
Index: xfig-3.2.5b-CVE-2010-4262.patch
===================================================================
--- w_msgpanel.c
+++ w_msgpanel.c 2010-12-03 14:21:07.931926127 +0000
@@ -60,7 +60,7 @@ DeclareStaticArgs(12);
/* for the popup message (file_msg) window */
static int file_msg_length=0;
-static char tmpstr[300];
+static char tmpstr[512];
static Widget file_msg_panel,
file_msg_win, file_msg_dismiss;
@@ -582,8 +582,8 @@ file_msg(char *format,...)
}
va_start(ap, format);
- /* format the string */
- vsprintf(tmpstr, format, ap);
+ /* format the string (but leave room for \n and \0) */
+ vsnprintf(tmpstr, sizeof(tmpstr)-2, format, ap);
va_end(ap);
strcat(tmpstr,"\n");
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2010-12-20 17:45 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-12-20 17:45 [gentoo-commits] gentoo-x86 commit in media-gfx/xfig/files: xfig-3.2.5b-CVE-2010-4262.patch Peter Volkov (pva)
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox