Re: xsrc/58872: libXfont and libXfont2 fixes with ssp [patch]

To: xsrc-manager%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost,nathanialsloss%yahoo.com.au@localhost
Subject: Re: xsrc/58872: libXfont and libXfont2 fixes with ssp [patch]
From: "Martin Husemann via gnats" <gnats-admin%NetBSD.org@localhost>
Date: Wed, 4 Dec 2024 06:55:01 +0000 (UTC)

The following reply was made to PR xsrc/58872; it has been noted by GNATS.

From: Martin Husemann <martin%duskware.de@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc: 
Subject: Re: xsrc/58872: libXfont and libXfont2 fixes with ssp [patch]
Date: Wed, 4 Dec 2024 07:51:52 +0100

 On Tue, Dec 03, 2024 at 11:20:02PM +0000, Nat Sloss via gnats wrote:
 >  +	volatile double result;
 >   	char buffer[40];
 >   
 >  -	sprintf(buffer, "%.*lg", XLFD_NDIGITS, x);
 >  -	return atof(buffer);

 How can a 40 char buffer be overrun with that format and XLFD_NDIGITS = 3?

 I would suggest to make the 40 depend on XLFD_NDIGITS, but that would be
 an upstream change (and not affect things here).

 Please capture a value where this overrun happens, turn it into a test program
 and lets debug what goes wrong with your sprintf call.

 Martin

Follow-Ups:
- Re: xsrc/58872: libXfont and libXfont2 fixes with ssp [patch]
  - From: Nat Sloss

Prev by Date: port-arm/58873: Conflicting information between compat_linux(8) and /docs/compat.html
Next by Date: Re: xsrc/58872: libXfont and libXfont2 fixes with ssp [patch]
Previous by Thread: Re: xsrc/58872: libXfont and libXfont2 fixes with ssp [patch]
Next by Thread: Re: xsrc/58872: libXfont and libXfont2 fixes with ssp [patch]
Indexes:

Home | Main Index | Thread Index | Old Index