GNU bug report logs - #9412
sprintf-related integer and memory overflow issues


Package: emacs;

Reported by: Paul Eggert <eggert <at> cs.ucla.edu>

Date: Tue, 30 Aug 2011 22:47:02 UTC

Severity: normal

Tags: patch

Found in version 24.0.50

Done: Paul Eggert <eggert <at> cs.ucla.edu>

Bug is archived. No further changes may be made.




From: Chong Yidong <cyd <at> stupidchicken.com>
To: Paul Eggert <eggert <at> cs.ucla.edu>
Cc: 9412 <at> debbugs.gnu.org, Eli Zaretskii <eliz <at> gnu.org>
Subject: bug#9412: sprintf-related integer and memory overflow issues
Date: Wed, 31 Aug 2011 22:42:20 -0400
Paul Eggert <eggert <at> cs.ucla.edu> writes:

>> Surely such a limitation is a bug in the C library, not Emacs?
>> If so, it should be fixed there, not in Emacs.
>
> I agree, but unfortunately the problem is inherent to sprintf's type
> signature, which has been stable for many years and is not slated to
> be improved or extended even in C1X.  It would take decades before we
> could assume any such fix would be present in the C library.
>
>> I think we should add a stub for snprintf in sysdep.c for the
>> !HAVE_SNPRINTF case (which will need configure to set up HAVE_SNPRINTF).
>
> Sure, that's easily done, with the following additional patch.
> I'll CC: this to Eli since it adds a #define to nt/config.nt.

With this, the parts of the patch involving using snprintf look good.
But I would prefer to defer the esnprintf stuff till after 24.1.

The changes to font_unparse_xlfd and font_unparse_fcname don't look as
straightforward as the rest.  That code is somewhat fragile, so I
suggest double checking those changes (or, better yet, writing a test
case).
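The thread turns on using a bounded snprintf (with a stub where HAVE_SNPRINTF is absent) instead of an unbounded sprintf, and on callers noticing when output does not fit. As an added example that is not part of the bug report or of Emacs's code, here is a hypothetical bounded_format wrapper (the function name, the demo functions and the font-name-like sample strings are constructed) that reports truncation to the caller rather than overrunning the buffer:

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical bounded formatting helper (not Emacs code).
   Formats into buf[size] and returns the number of characters written
   (excluding the terminating NUL), or -1 if the result would not fit,
   so a caller can detect truncation instead of silently losing data
   or, with sprintf, writing past the end of a fixed buffer. */
int bounded_format(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (buf == NULL || size == 0)
        return -1;

    va_start(ap, fmt);
    n = vsnprintf(buf, size, fmt, ap);
    va_end(ap);

    /* vsnprintf returns the length the complete output would have had;
       a value >= size means the output was cut short. */
    if (n < 0 || (size_t) n >= size) {
        buf[0] = '\0';          /* leave a well-defined empty string */
        return -1;
    }
    return n;
}

/* Constructed sample: an XLFD-style fragment that fits in 32 bytes. */
int demo_fits(void)
{
    char buf[32];
    return bounded_format(buf, sizeof buf, "-%s-%d-", "misc", 12);
}

/* Constructed sample: the same format with a longer family name
   does not fit in 8 bytes, so the wrapper reports -1. */
int demo_too_long(void)
{
    char buf[8];
    return bounded_format(buf, sizeof buf, "-%s-%d-", "DejaVu Sans Mono", 12);
}
```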






