parser_util.c

via RT Tue, 17 Apr 2007 14:49:45 -0700

# New Ticket Created by  Steve Peters 
# Please include the string:  [perl #42594]
# in the subject line of all future correspondence about this issue. 
# <URL: http://rt.perl.org/rt3/Ticket/Display.html?id=42594 >



I don't know how easily this is reached, but since the "fmt" variable
is only NULL checked, it seems like this would be possible to reached.

Steve Peters
[EMAIL PROTECTED]

Index: compilers/imcc/parser_util.c
===================================================================
--- compilers/imcc/parser_util.c        (revision 18270)
+++ compilers/imcc/parser_util.c        (working copy)
@@ -494,8 +494,10 @@
     if (len >= 2)
         len -= 2;
     format[len] = '\0';
-    if (fmt && *fmt)
-        strcpy(format, fmt);
+    if (fmt && *fmt) {
+        strncpy(format, fmt, sizeof(format - 1));
+        format[sizeof(format - 1)] = '\0';
+    }
 #if 1
     IMCC_debug(interp, DEBUG_PARSER,"%s %s\t%s\n", name, format, fullname);
 #endif

[perl #42594] [PATCH] Probable buffer overflow in compilers/imcc/parser_util.c

Reply via email to