oss-sec mailing list archives
Re: Re: strings / libbfd crasher
From: Michal Zalewski <lcamtuf () coredump cx>
Date: Mon, 27 Oct 2014 11:59:56 -0700
Well, there's also a trivial stack buffer overflow in srec.c near line 254: char buf[10]; ... sprintf (buf, "\\%03o", (unsigned int) c); But with this test case, c will be -44, or "\1777777777777777777724", which sounds a lot longer than 9 characters. http://lcamtuf.coredump.cx/strings-stack-overflow /mz
Current thread:
- Re: Re: strings / libbfd crasher, (continued)
- Re: Re: strings / libbfd crasher mancha (Nov 03)
- Re: Re: strings / libbfd crasher Michal Zalewski (Nov 03)
- Re: Re: strings / libbfd crasher mancha (Nov 03)
- Re: strings / libbfd crasher cve-assign (Nov 04)
- Re: Re: strings / libbfd crasher Alexander Cherepanov (Nov 04)
- Re: Re: strings / libbfd crasher mancha (Nov 05)
- Re: Re: strings / libbfd crasher Alexander Cherepanov (Nov 04)
- Re: strings / libbfd crasher cve-assign (Nov 12)
- Re: Re: strings / libbfd crasher Michal Zalewski (Oct 26)
- Re: Re: strings / libbfd crasher Michal Zalewski (Oct 27)
- Re: Re: strings / libbfd crasher Jakub Wilk (Oct 27)