1 Submitted By: Ken Moffat <ken@kenmoffat.uklinux.net>
3 Initial Package Version: 0.98.39
4 Upstream Status: From upstream cvs
5 Origin: Extracted by Ken Moffat
6 Description: This is Jindrich Novy's patch to fix another buffer overrun
7 in nasm, CAN-2005-1194 (users who can be persuaded to assemble and run a
8 malicious source file can have arbitrary code executed via a buffer
11 --- nasm-0.98.39/output/outieee.c.orig 2005-01-15 22:16:08.000000000 +0000
12 +++ nasm-0.98.39/output/outieee.c 2005-08-08 22:12:46.000000000 +0100
17 - vsprintf(buffer, format, ap);
18 + vsnprintf(buffer, sizeof(buffer), format, ap);
20 for (i = 0; i < l; i++)
21 if ((buffer[i] & 0xff) > 31)