[exim-dev] [Bug 787] New: memory corruption in string

Auteur: Eugene Bujak
Date:
À: exim-dev
Sujet: [exim-dev] [Bug 787] New: memory corruption in string_format code

------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=787
           Summary: memory corruption in string_format code
           Product: Exim
           Version: 4.69
          Platform: All
        OS/Version: All
            Status: NEW
          Keywords: work:tiny
          Severity: bug
          Priority: medium
         Component: General execution
        AssignedTo: nigel@???
        ReportedBy: buyak@???
                CC: exim-dev@???

Created an attachment (id=289)
--> (http://bugs.exim.org/attachment.cgi?id=289)
Proposed patch.

Electric Fence has spotted a problem.

add this to main():
-----
char *teststring = malloc(3);
char *s = "Date: Fri, 12 Sep 2008 10:54:39 +0400\n";
string_format(teststring, 3, "%c %s", 'a', s);
fprintf (stdout, "%s", teststring);
-----

string_format() will happily overwrite beyond allocated memory.

Patch attached.

--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email

[exim-dev] [Bug 787] New: memory corruption in string_format…