Change Details

In GnuPG 1.33, formatting "%s", string filter is introduced. But it may be "%.*s". In this case, string filter should not be called, because it may be non-nul-terminated string. Otherwise, the process may get SEGV, in the call of filter accessing invalid memory scanning over allocated area. (If we could be back in the day of 1.32, the filter function would have an argument for args->precision, though).

In libgpg-error 1.33, formatting "%s", string filter is introduced. But it may be "%.*s". In this case, string filter should not be called, because it may be non-nul-terminated string. Otherwise, the process may get SEGV, in the call of filter accessing invalid memory scanning over allocated area. (If we could be back in the day of 1.32, the filter function would have an argument for args->precision, though).

In GnuPG 1In libgpg-error 1.33, formatting "%s", string filter is introduced. But it may be "%.*s". In this case, string filter should not be called, because it may be non-nul-terminated string. Otherwise, the process may get SEGV, in the call of filter accessing invalid memory scanning over allocated area. (If we could be back in the day of 1.32, the filter function would have an argument for args->precision, though).