found 655411 dpkg/1.16.1.2
# doesn't affect Debian architectures
severity 655411 wishlist
quit

Hi,

dan...@ruoso.com wrote:

> The implementation of vsnprintf in the compat library uses and
> caches the file descriptor for a temporary file.
>
> If the vsnprintf function is called before a fork, two concurrent
> processes will share the cached file descriptor and will eventually
> cause a race condition where the output of snprintf in one process
> will leak to the other.

Yeah, that's true.  Maybe it would be worth dropping the
!HAVE_VSNPRINTF fallback altogether, or we could use one of the many
implementations of vsnprintf available under GPL-compatible licenses.

What platform do you use?  Does it support pthread_atfork?

> The easy solution is to simply stop using a global file descriptor

Care to suggest a patch?

Thanks for writing,
Jonathan
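
Added illustration, not part of the original message and not dpkg's code: a minimal C sketch of the problem described in the report, where a temp-file-backed formatter whose file was opened before fork() is shared with the child, next to the per-call temp file that avoids it. The names file_snprintf, read_back and child_text_reaches_parent are hypothetical, and the parent waits for the child so the overlap is deterministic instead of depending on timing.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Read back whatever the temp file currently holds (hypothetical helper). */
static int read_back(FILE *f, char *buf, size_t size)
{
    ssize_t n = pread(fileno(f), buf, size - 1, 0);
    if (n < 0) return -1;
    buf[n] = '\0';
    return (int)n;
}

/* File-backed formatter: truncate, vfprintf, flush, read back.
 * f != NULL models the cached file; f == NULL opens a private temp file
 * for this call only and closes it afterwards (the suggested fix). */
static int file_snprintf(FILE *f, char *buf, size_t size, const char *fmt, ...)
{
    FILE *own = f ? NULL : tmpfile();
    va_list ap;
    int rc = -1;
    if (!f && !(f = own)) return -1;
    va_start(ap, fmt);
    if (!fseek(f, 0, SEEK_SET) && !ftruncate(fileno(f), 0) &&
        vfprintf(f, fmt, ap) >= 0 && !fflush(f))
        rc = read_back(f, buf, size);
    va_end(ap);
    if (own) fclose(own);
    return rc;
}

/* Returns 1 if text formatted by the child is readable through the parent's
 * file, 0 if not, -1 on error. cached=1: child reuses the pre-fork file. */
static int child_text_reaches_parent(int cached)
{
    char buf[64];
    FILE *f = tmpfile();                      /* opened before fork() */
    if (!f || file_snprintf(f, buf, sizeof buf, "parent %d", 1) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0)   /* child formats constructed sample data, skips atexit */
        _exit(file_snprintf(cached ? f : NULL, buf, sizeof buf, "child %s", "secret") < 0);
    int st;
    if (waitpid(pid, &st, 0) < 0 || !WIFEXITED(st) || WEXITSTATUS(st)) return -1;
    int n = read_back(f, buf, sizeof buf);    /* parent resumes at read-back */
    fclose(f);
    return n < 0 ? -1 : strcmp(buf, "child secret") == 0;
}
```

fork() duplicates the descriptor but not the open file description, so truncation, offset and contents are common to both processes until one of them opens its own file.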
