Potential memory overrun bug due to fixed length string in ImportGUI()
Bug #1069317 reported by
Peter Clifton
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| gEDA project |
Fix Committed
|
Critical
|
Unassigned | ||
| pcb |
New
|
Undecided
|
Unassigned | ||
Bug Description
commit 1574518c1e76b19
hid/gtk: ImportGUI() can select multiple files
..with one small modification to the original patch by Felix Ruoff
Closes-bug: lp-934616
This patch should not have used:
+ gchar sname[128];
and then written into this string without at least some length checking.
Ideally there would be no artificially imposed limit upon this string length.
Revision history for this message
| DJ Delorie (djdelorie) wrote | #1 |
| Changed in geda-project: | |
| importance: | Undecided → Critical |
Revision history for this message
| Traumflug (mah-jump-ing) wrote | #2 |
| Changed in geda-project: | |
| status: | New → Fix Committed |
Revision history for this message
| Traumflug (mah-jump-ing) wrote | #3 |
To post a comment you must log in.
The only thing written to this buffer (at the moment) is a fixed string with an integer appended. Until we get to 384-bit integers, we won't overrun that buffer. Confirm?