projects / pspp / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7891023) | patch
data-out: Pass correct width to value_str() in output_AHEX().
authorBen Pfaff <blp@cs.stanford.edu>
Sun, 27 Aug 2017 19:32:50 +0000 (12:32 -0700)
committerBen Pfaff <blp@cs.stanford.edu>
Sun, 27 Aug 2017 19:32:50 +0000 (12:32 -0700)
commitfeba48309a227fe40feb3a87cbe900015021ac73
treec54c87712385a5bff6e03671586b8c691334b413tree | snapshot
parent7891023bc75024553f2564017b685cdb13eeec33commit | diff
data-out: Pass correct width to value_str() in output_AHEX().

AHEX16 is short enough to work as a short string, but output_AHEX() was
treating it as a long string, which caused string data to be dereferenced
as a pointer.

CVE-2017-12958.
See also https://bugzilla.redhat.com/show_bug.cgi?id=1482429.
See also http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12958.
See also http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12958.
Found by team OWL337, using the collAFL fuzzer.
NEWS diff | blob | history
src/data/data-out.c diff | blob | history
tests/data/data-out.at diff | blob | history
Unnamed repository; edit this file to name it for gitweb.