libgpg-error: String filter should *NOT* be called with non-nul-terminated string
Open, Normal, Public

Description

In libgpg-error 1.33, a string filter was introduced for formatting "%s".
But the format may be "%.*s". In this case, the string filter should not be called, because the argument may be a non-nul-terminated string.
Otherwise, the process may get a SEGV when the filter, scanning past the allocated area, accesses invalid memory.

(If we could go back to the days of 1.32, the filter function would have an argument for args->precision, though.)
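The handling the description asks for, as an added example that is not part of the original task and is not libgpg-error's code: a self-contained model of one string conversion that runs the filter only for "%s" and bounds the read for "%.*s". The names `string_filter_t`, `upcase_filter` and `format_str` are hypothetical, and the sample buffer is constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical filter type: as in the report, the filter gets no length,
   so it scans S up to the terminating nul.  */
typedef char *(*string_filter_t) (const char *s);
static int filter_calls;  /* Counts filter invocations.  */

/* Constructed sample filter: returns a malloc'ed upper-case copy of S.  */
static char *upcase_filter (const char *s)
{
  size_t i, n = strlen (s);  /* Unbounded scan: requires a nul.  */
  char *r = calloc (n + 1, 1);
  filter_calls++;
  for (i = 0; r && i < n; i++)
    r[i] = (char) toupper ((unsigned char) s[i]);
  return r;
}

/* Format one string argument into a malloc'ed result.  PRECISION < 0 models
   "%s": S is nul-terminated and the filter may run.  PRECISION >= 0 models
   "%.*s": only PRECISION bytes are readable, so the filter is skipped and
   the length is bounded with memchr.  */
static char *format_str (const char *s, int precision, string_filter_t filter)
{
  const char *nul = precision < 0 ? NULL : memchr (s, 0, (size_t) precision);
  size_t n;
  char *r;
  if (precision < 0 && filter)
    return filter (s);
  if (precision < 0)
    n = strlen (s);
  else
    n = nul ? (size_t) (nul - s) : (size_t) precision;
  r = calloc (n + 1, 1);  /* Zero-filled, so the copy is nul-terminated.  */
  if (r)
    memcpy (r, s, n);
  return r;
}

int main (void)
{
  const char raw[4] = { 'a', 'b', 'c', 'd' };  /* Constructed, no nul.  */
  char *r = format_str (raw, 3, upcase_filter);
  printf ("%s, filter calls: %d\n", r ? r : "(null)", filter_calls);
  free (r);
  return 0;
}
```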

Event Timeline

gniibe created this task.
gniibe added a project: gpgrt.
gniibe updated the task description.
werner triaged this task as Normal priority. (Sep 30 2023, 2:08 PM)
werner added a subscriber: werner.

I guess we should add an extended API to set the filter.

gniibe mentioned this in Unknown Object (Event). (Oct 2 2023, 9:06 AM)