sac-group / sac2c / Issues / #2195

Closed
Created Feb 22, 2012 by Bep Rinto (@bro, Guest)

SACsprintf easily buffer-overflows and is not threadsafe

Bugzilla Link: 918
Created on: Feb 22, 2012 13:08
Resolution: FIXED
Resolved on: Mar 01, 2012 19:00
Version: svn
OS: Linux
Architecture: PC

Extended Description

SACsprintf uses a small static buffer and uses the unsafe function vsprintf. This makes SAC yet another buffer-overflowable language. At a minimum it should use a local buffer (either on the stack or malloced) and it should use the safe function vsnprintf, which is in C99. An alternative is to use vasprintf, which dynamically allocates the destination buffer.
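
The pattern reported above next to a bounded, reentrant replacement, as an added example that is not sac2c's code or part of the original report. The names `unsafe_sprintf` and `safe_sprintf` and the 64-byte buffer size are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>

/* Pattern the report describes (hypothetical reconstruction, buffer size
 * assumed): one static buffer shared by every caller, unbounded write. */
char *unsafe_sprintf(const char *fmt, ...)
{
    static char buf[64];           /* shared state: not thread-safe */
    va_list ap;
    va_start(ap, fmt);
    vsprintf(buf, fmt, ap);        /* overflows buf once output needs > 63 chars */
    va_end(ap);
    return buf;                    /* next call overwrites earlier results */
}

/* Hardened form: measure with vsnprintf (C99), then allocate exactly.
 * No static state, so concurrent callers do not interfere.
 * Returns a malloc'ed string the caller must free, or NULL on failure. */
char *safe_sprintf(const char *fmt, ...)
{
    va_list ap, ap2;
    char *out = NULL;
    int need;

    va_start(ap, fmt);
    va_copy(ap2, ap);                    /* a va_list can be walked only once */
    need = vsnprintf(NULL, 0, fmt, ap);  /* required length, excluding the NUL */
    va_end(ap);

    if (need >= 0 && (out = malloc((size_t)need + 1)) != NULL)
        vsnprintf(out, (size_t)need + 1, fmt, ap2);  /* bounded write */
    va_end(ap2);
    return out;
}

int main(void)
{
    /* Constructed sample input. */
    char *s = safe_sprintf("%s:%d", "constructed-input", 918);
    if (s)
        puts(s);
    free(s);
    return 0;
}
```

Because each result is heap-allocated, callers take ownership and must `free` it, which is also the contract of the `vasprintf` alternative mentioned in the report.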
