Opened 18 years ago

Closed 18 years ago

Last modified 18 years ago

#106 closed defect (fixed)

Write outside buffer in PJLIB's win32 error string — at Version 2

Reported by: bennylp Owned by: bennylp
Priority: major Milestone: release-0.5.10
Component: pjlib Version: 0.5.9
Keywords: Cc:
Backport to 1.x milestone: Backported:

Description (last modified by bennylp)

The PJLIB's Win32 version of platform_strerror() may write data outside the buffer (on buffer[-1] location to be precise) when the function is unable to retrieve the error string using FormatMessage function.

This is caused by the function naively assumes that snprintf will never return negative value:

 len = pj_ansi_snprintf(buffer, bufsize, ...);
 buffer[len] = '\0';

Change History (2)

comment:1 Changed 18 years ago by bennylp

  • Resolution set to fixed
  • Status changed from new to closed
  • Summary changed from Write overflow in PJLIB's win32 error string to Write outside buffer in PJLIB's win32 error string

Fixed in r954.

comment:2 Changed 18 years ago by bennylp

  • Description modified (diff)
Note: See TracTickets for help on using tickets.