Your message dated Fri, 28 Jan 2022 22:27:53 +0100
with message-id <[email protected]>
and subject line Re: Bug#794947: manpages-dev: printf(3) example: possible
integer overflow
has caused the Debian Bug report #794947,
regarding printf(3): possible integer overflow in make_message
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
794947: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794947
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: manpages-dev
Version: 3.74-1
The example in the printf(3) manpages looks like this (with boring parts
omitted):

    int n;
    /* ... */
    n = vsnprintf(p, size, fmt, ap);
    /* ... */
    if (n < 0) {
        /* ... */
        return NULL;
    }
    /* ... */
    size = n + 1;

But vsnprintf could return INT_MAX, which would then cause "n + 1" to
overflow.
(AFAICS, the glibc vsnprintf implementation never returns INT_MAX, but
it could in principle.)
I'd suggest changing "n < 0" to "n < 0 || n == INT_MAX".
--
Jakub Wilk
--- End Message ---
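
Added example, not part of the original report and not the man-pages code or the fixing commit: a two-pass formatter in the style of make_message that applies the "n < 0 || n == INT_MAX" check suggested in the report and does the "+ 1" in size_t. The helper name size_for_result and the sample format string are assumptions made for this illustration.

```c
#include <limits.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: turn a vsnprintf() return value into a buffer size.
 * Returns 0 and stores n + 1 in *size, or -1 if n is an error or INT_MAX. */
static int size_for_result(int n, size_t *size)
{
    if (n < 0 || n == INT_MAX)   /* the check suggested in the report */
        return -1;
    *size = (size_t)n + 1;       /* done in size_t; one extra byte for '\0' */
    return 0;
}

/* Two-pass formatter: measure, allocate, then format. Caller frees. */
char *make_message(const char *fmt, ...)
{
    va_list ap;
    size_t size;
    char *p;
    int n;
    va_start(ap, fmt);
    n = vsnprintf(NULL, 0, fmt, ap);   /* pass 1: required length only */
    va_end(ap);
    if (size_for_result(n, &size) != 0)
        return NULL;
    p = malloc(size);
    if (p == NULL)
        return NULL;
    va_start(ap, fmt);
    n = vsnprintf(p, size, fmt, ap);   /* pass 2: write into the buffer */
    va_end(ap);
    if (n < 0 || (size_t)n >= size) {  /* error or unexpected truncation */
        free(p);
        return NULL;
    }
    return p;
}

int main(void)
{
    char *m = make_message("%s-%d", "abc", 42);  /* constructed input */
    if (m == NULL)
        return 1;
    puts(m);
    free(m);
    return 0;
}
```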
--- Begin Message ---
Version: 5.07-1
* Florian Ernst <[email protected]>, 2022-01-28, 20:49:
> I think this bug here could just be closed.

Indeed, this is the commit that fixes the overflow:
https://git.kernel.org/pub/scm/docs/man-pages/man-pages.git/commit/?id=7577e4074b375acb
--
Jakub Wilk
--- End Message ---