diff options
| author | Florian Weimer <fweimer@redhat.com> | 2024-12-27 09:17:41 +0100 |
|---|---|---|
| committer | Florian Weimer <fweimer@redhat.com> | 2024-12-27 09:18:21 +0100 |
| commit | cb4692ce1edd5a81c2521de49dfef6125141d1c7 (patch) | |
| tree | 63a3a48b2ff13f042cafcc614e8178aadb4cb8a7 /hurd/fopenport.c | |
| parent | 7c22dcda27743658b6b8ea479283b384ad56bd5a (diff) | |
| download | glibc-master.zip glibc-master.tar.gz glibc-master.tar.bz2 | |
This was suggested most recently by Solar Designer, noting
that code replacing vsprintf with vasprintf in a security fix
was subtly wrong:
Re: GStreamer Security Advisory 2024-0003: Orc compiler
stack-based buffer overflow
<https://www.openwall.com/lists/oss-security/2024/07/26/2>
Previous libc-alpha discussions:
I: [PATCH] asprintf error handling fix
<https://inbox.sourceware.org/libc-alpha/20011205185828.GA8376@ldv.office.alt-linux.org/>
asprintf() issue
<https://inbox.sourceware.org/libc-alpha/CANSoFxt-cdc-+C4u-rTENMtY4X9RpRSuv+axDswSPxbDgag8_Q@mail.gmail.com/>
I don't think we need a compatibility symbol for this. As the
GStreamer example shows, this change is much more likely to fix bugs
than cause compatibility issues.
Suggested-by: Dmitry V. Levin <ldv@altlinux.org>
Suggested-by: Archie Cobbs <archie.cobbs@gmail.com>
Suggested-by: Solar Designer <solar@openwall.com>
Reviewed-by: Sam James <sam@gentoo.org>
Diffstat (limited to 'hurd/fopenport.c')
0 files changed, 0 insertions, 0 deletions