#106 closed defect (fixed)
Write outside buffer in PJLIB's win32 error string — at Version 2
Reported by: | bennylp | Owned by: | bennylp |
---|---|---|---|
Priority: | major | Milestone: | release-0.5.10 |
Component: | pjlib | Version: | 0.5.9 |
Keywords: | Cc: | ||
Backport to 1.x milestone: | Backported: |
Description (last modified by bennylp)
The PJLIB's Win32 version of platform_strerror() may write data outside the buffer (on buffer[-1] location to be precise) when the function is unable to retrieve the error string using FormatMessage function.
This is caused by the function naively assumes that snprintf will never return negative value:
len = pj_ansi_snprintf(buffer, bufsize, ...); buffer[len] = '\0';
Change History (2)
comment:1 Changed 18 years ago by bennylp
- Resolution set to fixed
- Status changed from new to closed
- Summary changed from Write overflow in PJLIB's win32 error string to Write outside buffer in PJLIB's win32 error string
comment:2 Changed 18 years ago by bennylp
- Description modified (diff)
Note: See
TracTickets for help on using
tickets.
Fixed in r954.