Ticket #106 (closed defect: fixed)

Opened 12 years ago

Last modified 12 years ago

Write outside buffer in PJLIB's win32 error string

Reported by: bennylp Owned by: bennylp
Priority: major Milestone: release-0.5.10
Component: pjlib Version: 0.5.9
Keywords: Cc:
Backport to 1.x milestone: Backported:

Description (last modified by bennylp) (diff)

The PJLIB's Win32 version of platform_strerror() may write data outside the buffer (on buffer[-1] location to be precise) when the function is unable to retrieve the error string using FormatMessage function.

This is caused by the function naively assumes that snprintf will never return negative value:

 len = pj_ansi_snprintf(buffer, bufsize, ...);
 buffer[len] = '\0';

Change History

comment:1 Changed 12 years ago by bennylp

  • Status changed from new to closed
  • Resolution set to fixed
  • Summary changed from Write overflow in PJLIB's win32 error string to Write outside buffer in PJLIB's win32 error string

Fixed in r954.

comment:2 Changed 12 years ago by bennylp

  • Description modified (diff)
Note: See TracTickets for help on using tickets.