* Damyan Ivanov:

> So I decided to check whether fb_lock_mgr actually uses this source. It seems
> to be linked with jrd statically. (From what I see in the makefile spaghetti)

This is only a problem if it also invokes setlocale, to activate the
localized message files.

> So, what is the code, that is considered unsafe?

I believe it's now in line 959.

| case gds_arg_unix:
|     if (code > 0 && code < sys_nerr && (p = (TEXT*)sys_errlist[code]))
|         strcpy(s, p);
|     else if (code == 60)
|         strcpy(s, "connection timed out");
|     else if (code == 61)
|         strcpy(s, "connection refused");
|     else
|         sprintf(s, "unknown unix error %ld", code); /* TXNN */
|     break;

Just horrible. 8-(

You could check that strlen(sys_errlist[code]) is less than 64 at this
point or something like that. One (very indirect) caller I found
allocates a buffer of 1024 bytes.

But look at the code above:

| case gds_arg_interpreted:
|     p = s;
|     q = (TEXT *) (*vector)[1];
|     while ((*p++ = *q++) /*!= NULL*/);
|     break;

This is even more suspicious.
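The length check suggested in the reply, applied to both quoted branches, as an added example that is not part of the original message or of the project's source. `bounded_copy` and `unix_error_text` are hypothetical names, the caller is assumed to pass the destination size, and `strerror()` stands in for `sys_errlist[]`.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Copy src into dst (capacity dstlen), always NUL-terminating.
   Returns 0 if the whole string fit, -1 if it had to be truncated. */
static int bounded_copy(char *dst, size_t dstlen, const char *src)
{
    size_t n;

    if (dst == NULL || dstlen == 0)
        return -1;
    n = strlen(src);
    if (n >= dstlen) {
        memcpy(dst, src, dstlen - 1);
        dst[dstlen - 1] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);
    return 0;
}

/* Hypothetical stand-in for the gds_arg_unix branch. The message text may be
   localized and of any length, so the bound comes from the caller's buffer,
   not from an assumption about how long system messages are. */
static int unix_error_text(char *s, size_t slen, long code)
{
    int n;

    if (code > 0 && code <= INT_MAX)
        return bounded_copy(s, slen, strerror((int) code));
    n = snprintf(s, slen, "unknown unix error %ld", code);
    return (n >= 0 && (size_t) n < slen) ? 0 : -1;
}

int main(void)
{
    char small[8], big[1024];

    printf("%d \"%s\"\n", unix_error_text(small, sizeof small, ENOENT), small);
    printf("%d \"%s\"\n", unix_error_text(big, sizeof big, ENOENT), big);
    /* The gds_arg_interpreted copy loop needs the same bound (constructed input). */
    printf("%d\n", bounded_copy(small, sizeof small, "constructed interpreted text"));
    return 0;
}
```

A return value of -1 tells the caller the message was cut short, so truncation can be logged instead of silently overrunning or clipping the buffer.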