]>
Commit | Line | Data |
---|---|---|
fd3e7da0 MT |
1 | Submitted By: Ken Moffat <ken@kenmoffat.uklinux.net> |
2 | Date: 2005-08-08 | |
3 | Initial Package Version: 0.98.39 | |
4 | Upstream Status: From upstream cvs | |
5 | Origin: Extracted by Ken Moffat | |
6 | Description: This is Jindrich Novy's patch to fix another buffer overrun | |
7 | in nasm, CAN-2005-1194 (users who can be persuaded to assemble and run a | |
8 | malicious source file can have arbitrary code executed via a buffer | |
9 | overflow). | |
10 | ||
11 | --- nasm-0.98.39/output/outieee.c.orig 2005-01-15 22:16:08.000000000 +0000 | |
12 | +++ nasm-0.98.39/output/outieee.c 2005-08-08 22:12:46.000000000 +0100 | |
13 | @@ -1120,7 +1120,7 @@ | |
14 | va_list ap; | |
15 | ||
16 | va_start(ap, format); | |
17 | - vsprintf(buffer, format, ap); | |
18 | + vsnprintf(buffer, sizeof(buffer), format, ap); | |
19 | l = strlen(buffer); | |
20 | for (i = 0; i < l; i++) | |
21 | if ((buffer[i] & 0xff) > 31) |