SACsprintf easily buffer-overflows and is not threadsafe
Bugzilla Link | 918 |
Created on | Feb 22, 2012 13:08 |
Resolution | FIXED |
Resolved on | Mar 01, 2012 19:00 |
Version | svn |
OS | Linux |
Architecture | PC |
Extended Description
SACsprintf uses a small static buffer and uses the unsafe function vsprintf. This makes SAC yet another bufferoverflowable language. For a minimum it should use a local buffer (either on stack or malloced) and it should use the safe function vnsprintf which is in C99. An alternative is to use vasprintf, which dynamically allocates the destination buffer.