https://sourceware.org/bugzilla/show_bug.cgi?id=17510
--- Comment #7 from Michal Zalewski ---
Do you want me to file separate bugs for each?
For example, I have this in srec.c:
char buf[10];
...
sprintf (buf, "\\%03o", (unsigned int) c);
But with this test case, c will be -44, or
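Added example, not part of the original comment or of the binutils source: a small C program that measures how many bytes the quoted `sprintf` format needs when `c` is -44, next to a bounded variant that masks the value to one byte first. The function names are hypothetical, and the length shown assumes a 32-bit `unsigned int`.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: number of characters (excluding the NUL) that the
 * format quoted in the comment would produce for a given value of c.
 * snprintf(NULL, 0, ...) only measures, it writes nothing. */
int escape_len_as_posted(int c)
{
    return snprintf(NULL, 0, "\\%03o", (unsigned int) c);
}

/* Hypothetical hardened variant: reduce c to a single byte before the
 * conversion and bound the write. Returns the number of characters
 * written, or -1 if dst is too small. */
int escape_octal(char *dst, size_t dstsz, char c)
{
    int n = snprintf(dst, dstsz, "\\%03o", (unsigned int) (unsigned char) c);

    if (n < 0 || (size_t) n >= dstsz)
        return -1;
    return n;
}

int main(void)
{
    char buf[10];               /* same size as the buffer in the comment */
    int need = escape_len_as_posted(-44);

    /* With a 32-bit unsigned int, -44 converts to 037777777724:
     * backslash + 11 octal digits + NUL = 13 bytes, more than buf holds. */
    printf("as posted: %d chars + NUL, buffer is %zu bytes\n",
           need, sizeof buf);

    if (escape_octal(buf, sizeof buf, (char) -44) > 0)
        printf("masked:    %s (%zu chars)\n", buf, strlen(buf));
    return 0;
}
```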
--- Comment #2 from Michal Zalewski ---
Created attachment 7848
--> https://sourceware.org/bugzilla/attachment.cgi?id=7848&action=edit
Test case #2
Note that range checking problems are somewhat endemic across the function;
here's a test ca
Assignee: unassigned at sourceware dot org
Reporter: lcamtuf at coredump dot cx
Test case:
http://lcamtuf.coredump.cx/strings-bfd-badptr
On the x86 Linux systems I tried this on, the test case causes dereference of a
pointer in the vicinity of 0x41414141.
/mz