Commit fb7db9ae authored by Sebastian Dröge, committed by Tim-Philipp Müller

Use vasprintf() if available for error messages and otherwise vsnprintf()

vasprintf() is a GNU/BSD extension and would allocate as much memory as required
on the heap, similar to g_strdup_printf(). It's ridiculous that such a function
is still not provided as part of standard C.

If it's not available, use vsnprintf() to at least avoid stack/heap buffer
overflows, which can lead to arbitrary code execution.

Thanks to Noriko Totsuka for reporting.

Fixes JVN#02030803 / JPCERT#92912620 / CVE-2024-40897
Fixes #69

Part-of: <!191>
parent 6ea06183
1 merge request: !191 Use vasprintf() if available for error messages and otherwise vsnprintf()
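
The pattern the commit message describes, written out as an added example (not the project's code): heap-sized formatting with vasprintf() where available, otherwise a bounded vsnprintf() that truncates instead of overflowing. `HAVE_VASPRINTF`, `ERROR_MSG_MAX` and `format_error()` are hypothetical names assumed for the illustration.

```c
/* Added example: HAVE_VASPRINTF, ERROR_MSG_MAX and format_error() are
 * hypothetical names, not taken from the project. */
#ifdef HAVE_VASPRINTF
#define _GNU_SOURCE          /* glibc declares vasprintf() only with this set */
#endif
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ERROR_MSG_MAX 64     /* fallback cap, kept small to show truncation */

/* Returns a heap-allocated message the caller must free(), or NULL. */
char *format_error(const char *fmt, ...)
{
    char *msg = NULL;
    va_list ap;
    va_start(ap, fmt);
#ifdef HAVE_VASPRINTF
    /* vasprintf() sizes the allocation itself; on failure the pointer is
     * undefined on some platforms, so reset it. */
    if (vasprintf(&msg, fmt, ap) < 0)
        msg = NULL;
#else
    msg = malloc(ERROR_MSG_MAX);
    if (msg != NULL) {
        /* vsnprintf() writes at most ERROR_MSG_MAX bytes including the
         * terminating NUL; a return value >= the size means truncation. */
        int n = vsnprintf(msg, ERROR_MSG_MAX, fmt, ap);
        if (n < 0) {
            free(msg);
            msg = NULL;
        }
    }
#endif
    va_end(ap);
    return msg;
}

int main(void)
{
    /* Constructed input: a 200-character field, longer than the fallback cap. */
    char *msg = format_error("bad operand: %0200d", 7);
    if (msg != NULL) {
        printf("%zu bytes: %s\n", strlen(msg), msg);
        free(msg);
    }
    return 0;
}
```

Built without `HAVE_VASPRINTF`, the oversized message comes back cut to 63 characters plus the terminator; built with it, the full message is returned.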