On Wed, 23 Sep 2009, Giuseppe Iuculano wrote:
> Upstream patch is incomplete, in sieve/bc_eval.c after increasing scount it is
> better to use snprintf to avoid buffer overruns. Attached is the debdiff I used
> for stable-security
Well, without the snprintf, the only way to overrun the buffer that I can see is to use a platform where ints are bigger than 64 bits (there are 21 bytes in scount after the patch, which means it can take 20 digits, which is exactly enough for 64-bit unsigned int and also for 64-bit signed int + "-" sign).

I have updated the patch in SVN to also use snprintf, but I don't think that warrants a new upload by itself at all since we don't have any >64bit platforms.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
   them all and in the darkness grind them. In the Land of Redmond
   where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh
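As an added illustration of the digit-count argument in the thread (this is not code from the Cyrus sources or from the Debian patch), the C program below checks how many characters the widest 64-bit values need and shows that snprintf into a fixed-size buffer truncates instead of overrunning. `SCOUNT_LEN` and the `format_scount*` helpers are stand-ins modelled on the mail's description of the patched scount buffer, not the real bc_eval.c code.

```c
#include <stdio.h>
#include <stdint.h>
#include <stdbool.h>
#include <string.h>

/* Assumed size of scount after the patch, per the mail: 20 digits + NUL. */
#define SCOUNT_LEN 21

/* Stand-in for the patched formatting step: snprintf never writes past
 * buflen bytes. Returns true only if the whole value fit (no truncation). */
static bool format_scount(long long value, char *buf, size_t buflen)
{
    int needed = snprintf(buf, buflen, "%lld", value);
    return needed >= 0 && (size_t)needed < buflen;
}

static bool format_scount_u(unsigned long long value, char *buf, size_t buflen)
{
    int needed = snprintf(buf, buflen, "%llu", value);
    return needed >= 0 && (size_t)needed < buflen;
}

/* Characters (excluding NUL) needed for the widest 64-bit values. */
static size_t width_u64_max(void)
{
    char tmp[32];
    return (size_t)snprintf(tmp, sizeof tmp, "%llu", (unsigned long long)UINT64_MAX);
}

static size_t width_i64_min(void)
{
    char tmp[32];
    return (size_t)snprintf(tmp, sizeof tmp, "%lld", (long long)INT64_MIN);
}

/* Does the widest unsigned / most negative signed 64-bit value fit in a
 * buffer of buflen bytes (buflen <= 64)? Scratch space is oversized so the
 * check itself can never overrun even for a too-small buflen. */
static bool u64_max_fits(size_t buflen)
{
    char scratch[64];
    return buflen <= sizeof scratch &&
           format_scount_u((unsigned long long)UINT64_MAX, scratch, buflen);
}

static bool i64_min_fits(size_t buflen)
{
    char scratch[64];
    return buflen <= sizeof scratch &&
           format_scount((long long)INT64_MIN, scratch, buflen);
}
```

With a 21-byte buffer both `u64_max_fits(21)` and `i64_min_fits(21)` are true, while a 20-byte buffer fails for both, which is the margin the mail describes.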