[LLVMbugs] [Bug 1943] New: A potential single buffer overflow in program.inc for win32
bugzilla-daemon at cs.uiuc.edu
bugzilla-daemon at cs.uiuc.edu
Wed Jan 23 17:16:08 PST 2008
http://llvm.org/bugs/show_bug.cgi?id=1943
Summary: A potential single buffer overflow in program.inc for
win32
Product: libraries
Version: trunk
Platform: PC
OS/Version: Windows 2000
Status: NEW
Severity: enhancement
Priority: P2
Component: Archive library
AssignedTo: unassignedbugs at nondot.org
ReportedBy: humeafo at gmail.com
CC: llvmbugs at cs.uiuc.edu
// First, determine the length of the command line.
unsigned len = 0;
for (unsigned i = 0; args[i]; i++) {
len += strlen(args[i]) + 1;
if (strchr(args[i], ' '))
len += 2;
}
// Now build the command line.
char *command = reinterpret_cast<char *>(_alloca(len)); // should use
len+1 to fix this
char *p = command;
for (unsigned i = 0; args[i]; i++) {
const char *arg = args[i];
size_t len = strlen(arg);
bool needsQuoting = strchr(arg, ' ') != 0;
if (needsQuoting)
*p++ = '"';
memcpy(p, arg, len);
p += len;
if (needsQuoting)
*p++ = '"';
*p++ = ' ';
}
*p = 0; // this may write beyond the boundary
--
Configure bugmail: http://llvm.org/bugs/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
More information about the llvm-bugs
mailing list