GNU bug report logs - #9412
sprintf-related integer and memory overflow issues


Package: emacs;

Reported by: Paul Eggert <eggert <at> cs.ucla.edu>

Date: Tue, 30 Aug 2011 22:47:02 UTC

Severity: normal

Tags: patch

Found in version 24.0.50

Done: Paul Eggert <eggert <at> cs.ucla.edu>

Bug is archived. No further changes may be made.


From: Chong Yidong <cyd <at> stupidchicken.com>
To: Paul Eggert <eggert <at> cs.ucla.edu>
Cc: 9412 <at> debbugs.gnu.org
Subject: bug#9412: sprintf-related integer and memory overflow issues
Date: Tue, 30 Aug 2011 22:08:13 -0400

Paul Eggert <eggert <at> cs.ucla.edu> writes:

> Here's a patch to the Emacs trunk to fix some sprintf-related integer
> and memory overflow issues in Emacs proper.  These bugs can cause the
> wrong integer to be displayed, or a buffer overrun in sprintf output,
> that sort of thing.  Almost all the bugs can occur independently of
> whether --with-wide-int is used.  The bugs range from unlikely to
> extremely unlikely in normal use (otherwise they would have been fixed
> already....).  The patch is (I hope) routine.  I plan to install this
> patch after some more internal testing.

I don't much like the idea of using custom functions like esprintf and
esnprintf.  They make the code much less clear.

Also, I seem to recall that the reason we don't use snprintf is that
it's not available on all the platforms that Emacs supports.
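
The two failure modes named in the report (a wrong integer being displayed, and a sprintf buffer overrun), next to a bounded alternative, as an added C example that is not taken from the patch or from Emacs. `format_wide_int`, `low_bits_as_int` and `WIDE_INT_BUFSIZE` are hypothetical names, and the code assumes a C99 library that provides `snprintf` and `%jd`.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed bound: 3 bits give at most one decimal digit, plus a
   rounding digit, a sign and the terminating NUL.  */
#define WIDE_INT_BUFSIZE (sizeof (intmax_t) * CHAR_BIT / 3 + 3)

/* Hypothetical helper, not Emacs's esprintf/esnprintf.  Formats VALUE
   into BUF and returns its length, or -1 if it would not fit.  */
static int
format_wide_int (char *buf, size_t bufsize, intmax_t value)
{
  /* %jd matches intmax_t, so the argument is not misread as an int.  */
  int needed = snprintf (buf, bufsize, "%jd", value);
  if (needed < 0 || (size_t) needed >= bufsize)
    {
      if (bufsize > 0)
        buf[0] = '\0';   /* do not hand back a silently truncated number */
      return -1;
    }
  return needed;
}

/* Models the "wrong integer displayed" case without undefined
   behaviour: only the low-order bits of a wide value survive (the
   sign bit is masked off so the conversion to int is well defined).  */
static int
low_bits_as_int (intmax_t value)
{
  return (int) ((uint32_t) value & 0x7fffffff);
}

int
main (void)
{
  char small[12];                 /* sized for a 32-bit int only */
  char big[WIDE_INT_BUFSIZE];
  intmax_t wide = INTMAX_C (4294967301);   /* constructed: 2^32 + 5 */

  printf ("narrowed: %d\n", low_bits_as_int (wide));
  printf ("small buffer: %d\n", format_wide_int (small, sizeof small, INT64_MIN));
  printf ("big buffer: %d (%s)\n", format_wide_int (big, sizeof big, INT64_MIN), big);
  return 0;
}
```

With plain `sprintf`, the 12-byte buffer would have been overrun by the 20-character result instead of the call returning -1.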




This bug report was last modified 13 years and 262 days ago.
