[Kaffe] could this buffer overflow?
Godmar Back
gback at cs.utah.edu
Fri Feb 5 14:32:09 PST 1999
There's plenty of unchecked buffers in kaffe.
Some are XXXed, others aren't.
Patches are welcome. However, we can't unconditionally use snprintf
because it doesn't exist everywhere.
About your other patch: we can't use strdup() because it calls malloc(),
which is not async-signal-safe. But you can of course use KMALLOC().
Along those lines, it appears that the best way of fixing the sprintf
is to KMALLOC a buffer large enough and sprintf into it, as is done
in external.c:native.
What we really want is to provide a kaffe_snprintf function that does not
overflow and also does not call malloc.
- Godmar
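
One shape the non-overflowing, non-allocating formatter wished for above could take, as an added example that is not part of the original message and is not Kaffe's code. The names `bounded_format` and `put` are hypothetical, and only `%s`, `%d`, `%c` and `%%` are handled.

```c
#include <stdarg.h>
#include <stddef.h>

/* Hypothetical helper, not Kaffe code: store one char only if room remains,
 * but always count it so the caller can detect truncation. */
static void put(char *buf, size_t size, size_t *pos, char c)
{
    if (*pos + 1 < size)        /* keep the last byte for the terminator */
        buf[*pos] = c;
    (*pos)++;
}

/* Formats into buf without calling malloc or any stdio routine.
 * Returns the length the full output would have had; a result >= size
 * means the stored string was truncated. */
size_t bounded_format(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    size_t pos = 0;

    va_start(ap, fmt);
    for (; *fmt; fmt++) {
        if (*fmt != '%' || fmt[1] == '\0') { put(buf, size, &pos, *fmt); continue; }
        switch (*++fmt) {
        case 's': {
            const char *s = va_arg(ap, const char *);
            for (s = s ? s : "(null)"; *s; s++)
                put(buf, size, &pos, *s);
            break;
        }
        case 'd': {
            int v = va_arg(ap, int);
            /* negate in unsigned arithmetic so INT_MIN is handled */
            unsigned int u = v < 0 ? 0u - (unsigned int)v : (unsigned int)v;
            char tmp[3 * sizeof(int)];  /* upper bound on decimal digits */
            int n = 0;
            do { tmp[n++] = (char)('0' + u % 10); u /= 10; } while (u);
            if (v < 0) put(buf, size, &pos, '-');
            while (n) put(buf, size, &pos, tmp[--n]);
            break;
        }
        case 'c': put(buf, size, &pos, (char)va_arg(ap, int)); break;
        default:  put(buf, size, &pos, *fmt); break;  /* "%%", unknown */
        }
    }
    va_end(ap);
    if (size)                   /* always terminate a non-empty buffer */
        buf[pos < size ? pos : size - 1] = '\0';
    return pos;
}
```

A caller compares the return value with the buffer size to decide whether to reject the input or retry with a larger KMALLOC'd buffer.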