Hello there,
It appears there is a buffer overflow in GenericDeck_maskToString. Here, a
fixed buffer int cards[50] is allocated. But of course, a deck might have
some more cards, up to 54 with two jokers... Similarly in the printMask
later on.
I don't think this is exploitable but might result in some nasty crashes, so
I'd say, better to err on the safe side:
Index: deck.c
===================================================================
--- deck.c (revision 3802)
+++ deck.c (working copy)
@@ -24,7 +24,7 @@
int
GenericDeck_maskToString(Deck *deck, void *cardMask, char *outString) {
- int cards[50], n, i;
+ int cards[100], n, i;
char *p;
n = (*deck->maskToCards)(cardMask, cards);
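Review bot: cards[100] in GenericDeck_maskToString is still a magic number, and the call (*deck->maskToCards)(cardMask, cards) passes no capacity, so nothing ties the array size to what the callback may write. Raising 50 to 100 covers the 54-card case from the report, but the bound remains implicit. Consider sizing the array from a named maximum-cards constant shared with the deck implementations, and either passing the capacity to maskToCards or checking the returned n against the array size before the loop that uses it.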
@@ -42,7 +42,7 @@
int
GenericDeck_printMask(Deck *deck, void *cardMask) {
- char outString[150];
+ char outString[300];
int r;
r = GenericDeck_maskToString(deck, cardMask, outString);
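Review bot: outString[300] in GenericDeck_printMask has the same problem as the cards array: GenericDeck_maskToString(deck, cardMask, outString) takes no length argument, so the callee cannot know how much room it has and the caller's size is a guess. Doubling 150 to 300 keeps the two buffers in proportion, but that relationship is not stated anywhere. Consider adding a size parameter to GenericDeck_maskToString (passing sizeof outString here) or deriving this size from the same card-count bound used for cards, with a comment giving the per-card assumption.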
Greetings,
Wladimir
_______________________________________________
Pokersource-users mailing list
https://mail.gna.org/listinfo/pokersource-users