Bugs item #2932605, was opened at 2010-01-15 06:48
Message generated for change (Tracker Item Submitted) made by nobody
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=462816&aid=2932605&group_id=51305

Category: wxJSON
Group: last released version
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Nobody/Anonymous (nobody)
Summary: wxJSONWriter buffer overflow

Initial Comment:
wxJSONWriter can cause a buffer overflow when wxJSON_USE_UNICODE is defined. In writeIntValue and WriteUIntValue, the following causes a buffer overflow:

    char buffer[32]; // need to store 64-bits integers (max 20 digits) NOTE THAT THIS BUFFER'S MEMORY IS NOT ZEROED
    ...
    len = strlen( cbData );
    wxASSERT( len <= 32 );
    memcpy( buffer, cbData, len ); <--- NOTE THAT buffer IS ONLY NULL-TERMINATED HERE IF YOU'RE LUCKY
    ...
    len = strlen( buffer ); <--- THIS LENGTH IS INDETERMINATE BECAUSE buffer IS NOT NULL TERMINATED
    os.Write( buffer, len ); <---- BUFFER OVERRUN!!!!!!!!!!!!!!

Something like this is a quick fix:

    wxASSERT( len < 32 ); <--- len must be less than 32
    memcpy( buffer, cbData, len );
    buffer[len] = 0; <--- null terminate the string
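
The unterminated copy described in the report beside a bounds-checked, terminated one, as an added example that is not part of the original report or the wxJSON source. The function names, the 'X' fill standing in for stale stack contents and the sample value are assumptions; the scan in the first function is capped at the buffer size so the demonstration itself never reads out of bounds.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define BUF_SIZE 32  /* same size as the buffer in the report */

/* Pattern from the report: copy len bytes and write no terminator.
 * Returns the length a later scan would find, capped at BUF_SIZE.
 * A result of BUF_SIZE means there is no NUL inside the buffer, so an
 * unbounded strlen() would keep reading past its end. */
size_t copy_unterminated(char *buffer, const char *digits)
{
    size_t len = strlen(digits);
    if (len > BUF_SIZE)
        len = BUF_SIZE;
    memcpy(buffer, digits, len);
    const char *nul = memchr(buffer, '\0', BUF_SIZE);
    return nul ? (size_t)(nul - buffer) : BUF_SIZE;
}

/* Hardened form (hypothetical helper): reject input that leaves no room
 * for the terminator rather than relying on an assertion, which may be
 * compiled out, then terminate explicitly. Returns the number of bytes
 * to write, or -1. The caller uses this length, not a second strlen(). */
int copy_terminated(char *buffer, size_t size, const char *digits)
{
    size_t len = strlen(digits);
    if (len >= size)
        return -1;
    memcpy(buffer, digits, len);
    buffer[len] = '\0';
    return (int)len;
}

int main(void)
{
    char buffer[BUF_SIZE];
    const char *value = "18446744073709551615"; /* constructed: 20 digits */

    memset(buffer, 'X', sizeof buffer); /* constructed stale contents */
    size_t seen = copy_unterminated(buffer, value);
    printf("unterminated: 20 bytes copied, scan finds %zu\n", seen);

    memset(buffer, 'X', sizeof buffer);
    int n = copy_terminated(buffer, sizeof buffer, value);
    printf("terminated: %d bytes: %s\n", n, buffer);
    return 0;
}
```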