Martin Schulze <[EMAIL PROTECTED]> wrote:One question remains, though:> + // buf_size = min(count, buf_size);> + if (buf_size > count) buf_size = count;Is there any reason not to write mim() here?It's a bit faster than buf_size = min(), since there's no need to reassign "buf_size" again, if it's
Anon Sricharoenchai wrote:
> Package: mimms
> Version: 0.0.9-1
> Severity: grave
> Justification: user security hole
> Tags: security patch
>
> According to the patch attached in this report, it has many possible buffer
> overflows.
> For example,
> - memcpy(buf, data, length) without bounding the
Package: mimms
Version: 0.0.9-1
Severity: grave
Justification: user security hole
Tags: security patch
According to the patch attached in this report, it has many possible buffer
overflows.
For example,
- memcpy(buf, data, length) without bounding the limit of "length",
while "length" depend on
3 matches
Mail list logo
