Hi,
* Nico Golde <[EMAIL PROTECTED]> [2007-12-25 14:18]:
[...]
> We believed that xemacs21 is unaffected by this first but it
> turned out (Thanks to Florian) that it actually is but at a
> different place:
> src/doprnt.c:
[...]

It turned out that this is actually no bug in the quoted code because the precision is taken into account when reserving memory for the buffer.

Unfortunately this is the problem because:
#define alloca_array(type, len) ((type *) alloca ((len) * sizeof (type)))

this does not do any checks and also includes an integer overflow and thus it is still possible to reproduce this problem.

So the obvious thing is to fix this macro which should be quite important because alloca_array is used at a bunch of different places in the code.

Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
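The wraparound in `(len) * sizeof (type)` that the message describes, next to a checked size computation, as an added example that is not part of the original mail or the XEmacs source. The function names, the 64 KiB cap and the sample length are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed cap on a single stack allocation (assumption, not from XEmacs). */
#define MAX_STACK_BYTES ((size_t) 64 * 1024)

/* Byte count as the quoted macro computes it: (len) * sizeof (type).
   size_t arithmetic wraps modulo SIZE_MAX + 1 with no diagnostic. */
static size_t unchecked_array_size(size_t len, size_t elem_size)
{
    return len * elem_size;
}

/* Hypothetical checked variant: returns 0 and stores the byte count in *out,
   or returns -1 if the product would wrap or exceeds max_bytes. */
static int checked_array_size(size_t len, size_t elem_size,
                              size_t max_bytes, size_t *out)
{
    if (elem_size != 0 && len > SIZE_MAX / elem_size)
        return -1;                      /* product does not fit in size_t */
    if (len * elem_size > max_bytes)
        return -1;                      /* too large for a stack buffer */
    *out = len * elem_size;
    return 0;
}

int main(void)
{
    /* Constructed input: a length chosen so that len * 4 wraps to 4. */
    size_t len = SIZE_MAX / 4 + 2;
    size_t bytes = 0;

    printf("requested elements: %zu\n", len);
    printf("unchecked size:     %zu bytes\n", unchecked_array_size(len, 4));

    if (checked_array_size(len, 4, MAX_STACK_BYTES, &bytes) != 0)
        printf("checked size:       rejected\n");
    if (checked_array_size(100, 4, MAX_STACK_BYTES, &bytes) == 0)
        printf("100 elements:       %zu bytes\n", bytes);
    return 0;
}
```

Because `alloca` has no failure return, a caller that gets a rejection from the check needs its own fallback, such as a heap allocation or an error path.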