[pkg-ggz-maintainers] sn?printf issue
Kees Cook
kees at debian.org
Mon Jan 5 23:01:28 UTC 2009
Hi Josef,
On Mon, Jan 05, 2009 at 11:37:28PM +0100, Josef Spillner wrote:
> I believe r396 of pkg-ggz fixes the issue of sn?printf buffer corruption for
> ggz-client-libs 0.0.14.1. If someone reviews r396 as good (the package is
> in /branches/ggz-client-libs/0.0.14.1-lenny), it could be uploaded.
Great! Thanks for digging into that; I've updated the "handled" list.
> However, using the updated regex, I didn't get any results for the ggzd
> package. What is the issue with it?
You mean "ggz-server"? Its hits[1] are listed with the others in the logs
directory:
./ggz-server-0.0.14.1/game_servers/connectx/ai-velena.c:
snprintf(board, sizeof(board), "%s%i", board, column);
> On GGZ trunk no single hit was found, since we've moved away from sn?printf to
> the much safer ggz_strbuild() which doesn't assume pre-allocated memory at
> all. Yay.
Cool! Thanks again,
-Kees
[1] http://people.ubuntu.com/~kees/sprintf-glibc/logs/ggz-server
--
Kees Cook @debian.org
More information about the pkg-ggz-maintainers
mailing list