From: Ben Pfaff <blp@cs.stanford.edu>
Date: Sun, 27 Aug 2017 19:32:50 +0000 (-0700)
Subject: data-out: Pass correct width to value_str() in output_AHEX().
X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=feba48309a227fe40feb3a87cbe900015021ac73;hp=feba48309a227fe40feb3a87cbe900015021ac73;p=pspp

data-out: Pass correct width to value_str() in output_AHEX().

AHEX16 is short enough to work as a short string, but output_AHEX() was
treating it as a long string, which caused string data to be dereferenced
as a pointer.

CVE-2017-12958.
See also https://bugzilla.redhat.com/show_bug.cgi?id=1482429.
See also http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12958.
See also http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12958.
Found by team OWL337, using the collAFL fuzzer.
---