small buffer overflow in frontends/yasm/yasm.c:replace_extension()
Mike Frysinger
vapier at gentoo.org
Fri Jun 22 08:50:28 PDT 2007
the replace_extension() in frontends/yasm/yasm.c likes to cause small buffer
overflows when doing strcpy(out, def);
for example, this command:
yasm /dev/null
will malloc 5 bytes for "out" but then try to write like 9 bytes
or this:
touch f
yasm f
will malloc 2 bytes for "out" but then try to write like 9 bytes
seems the calculation for out needs some tweaking :)
-mike
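
The sizing rule this report points at, as an added example that is not part of the original message and is not yasm's code: the buffer has to be large enough for the longest string any branch can write, including the default-name fallback. The function name replace_ext_sized, its fallback rules and the default name "yasm.out" (9 bytes with its terminator) are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for an extension-replacing helper (not yasm's code).
 * Returns a malloc'd string: `orig` with its extension replaced by `ext`,
 * or a copy of `def` when `ext` is NULL or the result would equal `orig`.
 * Returns NULL on allocation failure; the caller frees the result. */
char *replace_ext_sized(const char *orig, const char *ext, const char *def)
{
    size_t origlen = strlen(orig);
    size_t deflen = strlen(def);

    /* Worst case for the replaced name: all of orig + '.' + ext + NUL. */
    size_t need = origlen + 1 + (ext ? strlen(ext) : 0) + 1;

    /* The fallback branch writes def, so the buffer must hold that too.
     * Sizing from orig alone is what lets a short name such as "f"
     * produce a 2-byte buffer that then receives a 9-byte copy. */
    if (need < deflen + 1)
        need = deflen + 1;

    char *out = malloc(need);
    if (out == NULL)
        return NULL;

    /* Only a dot inside the final path component counts as an extension. */
    const char *base = strrchr(orig, '/');
    base = base ? base + 1 : orig;
    const char *dot = strrchr(base, '.');
    size_t stem = dot ? (size_t)(dot - orig) : origlen;

    if (ext == NULL || (dot && strcmp(dot + 1, ext) == 0)) {
        /* No extension to apply, or the output would overwrite the input. */
        memcpy(out, def, deflen + 1);
        return out;
    }

    memcpy(out, orig, stem);                       /* name without old ext */
    out[stem] = '.';
    memcpy(out + stem + 1, ext, strlen(ext) + 1);  /* new ext plus NUL */
    return out;
}
```

Building a caller of this with -fsanitize=address and running it on the two inputs from the report ("f" and "/dev/null") is a quick way to confirm that no write lands outside the allocation.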