[Bug 787] New: memory corruption in string_format code
http://bugs.exim.org/show_bug.cgi?id=787
Summary: memory corruption in string_format code
Product: Exim
Version: 4.69
Platform: All
OS/Version: All
Status: NEW
Keywords: work:tiny
Severity: bug
Priority: medium
Component: General execution
AssignedTo: nigel@exim.org
ReportedBy: buyak@corp.mail.ru
CC: exim-dev@exim.org


Created an attachment (id=289)
--> (http://bugs.exim.org/attachment.cgi?id=289)
Proposed patch.

Electric Fence has spotted a problem.

Add this to main():
-----
char *teststring = malloc(3);
char *s = "Date: Fri, 12 Sep 2008 10:54:39 +0400\n";
string_format(teststring, 3, "%c %s", 'a', s);
fprintf (stdout, "%s", teststring);
-----

string_format() will happily overwrite beyond allocated memory.

Patch attached.


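A formatter that is handed a buffer size has to compare every conversion against the space that is left. The C below is an added illustration of that check using the call from the report; it is not Exim's string_format() and not the patch in attachment 289, and the name `bounded_format`, its reduced directive set and the guard-byte check are assumptions made for the example.

```c
#include <stdarg.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical bounded formatter, NOT Exim's string_format(): literal text, %c,
   %s and %% only. Writes at most buflen bytes incl. NUL; false = truncated. */
bool bounded_format(char *buf, size_t buflen, const char *fmt, ...)
{
    if (buf == NULL || buflen == 0) return false;
    char *p = buf;
    char *last = buf + buflen - 1;   /* slot reserved for the terminator */
    bool ok = true;
    va_list ap;
    va_start(ap, fmt);
    for (; ok && *fmt != '\0'; fmt++) {
        if (*fmt != '%' || *++fmt == '%') {         /* literal character */
            if (p >= last) ok = false; else *p++ = *fmt;
        } else if (*fmt == 'c') {
            int c = va_arg(ap, int);                /* char promotes to int */
            if (p >= last) ok = false; else *p++ = (char)c;
        } else if (*fmt == 's') {
            const char *s = va_arg(ap, const char *);
            size_t room = (size_t)(last - p);       /* bytes left before NUL slot */
            size_t n = strlen(s);
            if (n > room) { n = room; ok = false; } /* clamp, never overrun */
            memcpy(p, s, n);
            p += n;
        } else {
            ok = false;              /* unsupported directive or trailing '%' */
        }
    }
    va_end(ap);
    *p = '\0';
    return ok;
}

/* The report's call against a 3-byte buffer followed by constructed guard
   bytes. Returns how many guard bytes changed (0 means no overflow). */
int guard_bytes_touched(void)
{
    char region[3 + 8];
    memset(region, 0x5A, sizeof region);
    bounded_format(region, 3, "%c %s", 'a', "Date: Fri, 12 Sep 2008 10:54:39 +0400\n");
    int touched = 0;
    for (size_t i = 3; i < sizeof region; i++) touched += (region[i] != 0x5A);
    return touched;
}

int main(void) { printf("guard bytes touched: %d\n", guard_bytes_touched()); return 0; }
```

With the 3-byte buffer the result is the truncated string "a " and a false return, which the caller must treat as a failure rather than as a complete header.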