[vbox-dev] Proposed patch that fixes buffer overflow in dprintf.

Denis Medvedev nbr at altlinux.org
Mon Nov 28 09:14:55 UTC 2016 

Sorry, that patch was  a reverse.

This is a right  patch.

diff --git 
a/VirtualBox/src/VBox/ExtPacks/VBoxDTrace/onnv/lib/libdtrace/common/dt_printf.c 
b/VirtualBox/src/VBox/ExtPacks/VBoxDTrace/onnv/lib/libdtrace/common/dt_printf.c
index 906ec9b..18edcc0 100644
--- 
a/VirtualBox/src/VBox/ExtPacks/VBoxDTrace/onnv/lib/libdtrace/common/dt_printf.c
+++ 
b/VirtualBox/src/VBox/ExtPacks/VBoxDTrace/onnv/lib/libdtrace/common/dt_printf.c
@@ -1605,7 +1605,7 @@ dt_printf_format(dtrace_hdl_t *dtp, FILE *fp, 
const dt_pfargv_t *pfv,
                         width = 0;

                 if (width != 0)
-                       f += snprintf(f, sizeof (format) - (f - format), 
"%d", ABS(width));
+                       f += snprintf(f,(((sizeof 
(format)-(f-format))>0) ? sizeof(format) - (f-format):0), "%d", ABS(width));

                 if (prec > 0)
                         f += snprintf(f, sizeof (format) - (f - 
format), ".%d", prec);




On 11/28/2016 12:11 PM, Denis Medvedev wrote:
> Dear developers,
>
> I am proposing the following patch under MIT license. It fixes buffer 
> overflow in dtprintf.  That error  does not allow compilation
>
> of VirtualBox with strict gcc checks.
>
>
> diff --git 
> a/VirtualBox/src/VBox/ExtPacks/VBoxDTrace/onnv/lib/libdtrace/common/dt_printf.c 
> b/VirtualBox/src/VBox/ExtPacks/VBoxDTrace/onnv/lib/libdtrace/common/dt_printf.c 
>
> index 18edcc0..906ec9b 100644
> --- 
> a/VirtualBox/src/VBox/ExtPacks/VBoxDTrace/onnv/lib/libdtrace/common/dt_printf.c
> +++ 
> b/VirtualBox/src/VBox/ExtPacks/VBoxDTrace/onnv/lib/libdtrace/common/dt_printf.c
> @@ -1605,7 +1605,7 @@ dt_printf_format(dtrace_hdl_t *dtp, FILE *fp, 
> const dt_pfargv_t *pfv,
>                         width = 0;
>
>                 if (width != 0)
> -                       f += snprintf(f,(((sizeof 
> (format)-(f-format))>0) ? sizeof(format) - (f-format):0), "%d", 
> ABS(width));
> +                       f += snprintf(f, sizeof (format) - (f - 
> format), "%d", ABS(width));
>
>                 if (prec > 0)
>                         f += snprintf(f, sizeof (format) - (f - 
> format), ".%d", prec);
>
> _______________________________________________
> vbox-dev mailing list
> vbox-dev at virtualbox.org
> https://www.virtualbox.org/mailman/listinfo/vbox-dev

More information about the vbox-dev mailing list