Open
Bug 1170027
Opened 9 years ago
Updated 2 years ago
Potential string buffer overflow using sprintf
Categories
(Core :: mozglue, defect)
Tracking
NEW
People
(Reporter: MatsPalmgren_bugz, Unassigned, Mentored)
(Spawned off from bug 1169326.)
http://mxr.mozilla.org/mozilla-central/source/mozglue/linker/Mappable.cpp#235
Can we use snprintf_literal or something here to avoid the potential buffer overflow?
The only caller seems to be mozglue/linker/ElfLoader.cpp and "name" looks like a file name from our distributed set of files so it's unlikely to overflow the 256 char buffer, but it seems prudent to fix this anyway.
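The bounded-formatting pattern the report asks for, as an added example that is not code from Mappable.cpp or from the reporter: `snprintf` into the fixed 256-byte buffer with the return value checked so an over-long name is rejected instead of overflowing or being silently truncated. The helper names `build_path` and `try_name_length`, the `/tmp/%s.XXXXXX` format string and the test names are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define PATH_BUF_SIZE 256 /* buffer size quoted in the report */

/* Hypothetical helper (not from Mappable.cpp): format a file name into a
 * fixed-size buffer. Returns 0 on success, -1 if the result would not fit
 * or snprintf reports an error. The format string is constructed. */
static int build_path(char *out, size_t out_size, const char *name)
{
    int n;

    if (out == NULL || out_size == 0 || name == NULL)
        return -1;
    /* snprintf writes at most out_size bytes including the terminator and
     * returns the length the full string would have had. */
    n = snprintf(out, out_size, "/tmp/%s.XXXXXX", name);
    if (n < 0 || (size_t)n >= out_size) {
        out[0] = '\0'; /* do not leave a truncated path for the caller */
        return -1;
    }
    return 0;
}

/* Build a constructed name of name_len 'a' characters and try to format it.
 * Returns the resulting string length, or -1 if build_path rejected it. */
static int try_name_length(size_t name_len)
{
    char name[1024];
    char path[PATH_BUF_SIZE];

    if (name_len >= sizeof(name))
        return -1;
    memset(name, 'a', name_len);
    name[name_len] = '\0';
    if (build_path(path, sizeof(path), name) != 0)
        return -1;
    return (int)strlen(path);
}

int main(void)
{
    /* 12 fixed characters ("/tmp/" + ".XXXXXX") plus the name. */
    printf("243-char name -> %d\n", try_name_length(243));
    printf("244-char name -> %d\n", try_name_length(244));
    return 0;
}
```

Treating truncation as an error matters here because a truncated path would still be a valid string naming a different file than the caller intended.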
Comment 1•9 years ago
Mike, is this something you could fix? Thanks.
Flags: needinfo?(mh+mozilla)
Keywords: csectype-bounds, sec-low
Comment 2•9 years ago
Note this is code we don't even ship. It's code that allows testing the linker on desktop Linux, and that branch is not used on Android, where the linker is actually used. So I'm not particularly interested in actively fixing this myself. I think this bug could be opened up and made a mentored/good-first bug.
Flags: needinfo?(mh+mozilla)
Comment 3•9 years ago
Thanks for the explanation, that makes sense.
Group: core-security
Keywords: csectype-bounds, sec-low
Updated•9 years ago
Mentor: mh+mozilla
Updated•2 years ago
Severity: normal → S3