libs/newlib-cygwin
libs
/
newlib-cygwin
mirror of git://sourceware.org/git/newlib-cygwin.git
4
0
Fork 0
Code Issues Projects Releases Wiki Activity

cygwin: fix potential buffer overflow in small_sprintf 

With "%C" format string, argument may convert in up to MB_LEN_MAX bytes.
Relying on sys_wcstombs to add a trailing zero here requires us to
provide a large enough buffer.

* smallprint.c (__small_vsprintf): Use MB_LEN_MAX+1 bufsize for "%C".
This commit is contained in:
Michael Haubenwallner 2017-10-09 18:57:58 +02:00 committed by Corinna Vinschen
parent 111b6813fb
commit 4449971295
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
winsup/cygwin/smallprint.cc
View File

@ -193,8 +193,8 @@ __small_vsprintf (char *dst, const char *fmt, va_list ap)
case 'C': case 'C':
{ {
WCHAR wc = (WCHAR) va_arg (ap, int); WCHAR wc = (WCHAR) va_arg (ap, int);
char buf[4], *c; char buf[MB_LEN_MAX+1] = "", *c;
sys_wcstombs (buf, 4, &wc, 1); sys_wcstombs (buf, MB_LEN_MAX+1, &wc, 1);
for (c = buf; *c; ++c) for (c = buf; *c; ++c)
*dst++ = *c; *dst++ = *c;
} }