There's "static char bigbuf[2000]" defined in exp_log.c, which is then written to with vsprintf in various logging functions.
The buffer could overflow (actually it does, e.g. when running the systemtap testsuite).
The attached patch replaces vsprintf with the vsnprintf function, which checks the length of the destination buffer.
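The defect described above, as an added illustration that is not the reporter's patch or expect's own code: a constructed stand-in for the static buffer (shrunk from 2000 to 32 bytes so the overflow condition is easy to reach), the unbounded vsprintf formatter next to its vsnprintf replacement, and a check that uses vsnprintf's return value to tell when a message was truncated. The buffer size, the message and the function names are assumptions for the example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for "static char bigbuf[2000]" in exp_log.c; a small
 * size makes the overflow condition reachable with a short message. */
#define BIGBUF_SIZE 32
static char bigbuf[BIGBUF_SIZE];

/* Constructed 50-byte message, longer than the buffer. */
#define LONG_MSG "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"

/* Before: vsprintf keeps writing past the end of bigbuf once the formatted
 * text exceeds BIGBUF_SIZE - 1 bytes. Only ever called with a short message. */
static int log_format_unbounded(const char *fmt, ...)
{
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = vsprintf(bigbuf, fmt, ap);
    va_end(ap);
    return n;
}

/* After: vsnprintf writes at most sizeof bigbuf bytes (NUL included) and
 * returns the length the complete message would have needed. */
static int log_format(const char *fmt, ...)
{
    va_list ap;
    int needed;
    va_start(ap, fmt);
    needed = vsnprintf(bigbuf, sizeof bigbuf, fmt, ap);
    va_end(ap);
    return needed;
}

/* A return value of sizeof bigbuf or more means the message was cut short. */
static int log_was_truncated(int needed)
{
    return needed < 0 || needed >= (int)sizeof bigbuf;
}

int main(void)
{
    int n = log_format_unbounded("spawn %s", "ls");  /* fits: safe either way */
    printf("%s (%d bytes)\n", bigbuf, n);
    n = log_format("%s", LONG_MSG);
    printf("needed %d, stored %zu, truncated: %s\n",
           n, strlen(bigbuf), log_was_truncated(n) ? "yes" : "no");
    return 0;
}
```

With the bounded version the stored text is always NUL-terminated within the buffer, and a caller that cares can compare the return value against sizeof bigbuf to log that the message was shortened.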