Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > gnu.bash.bug > #15363
| Path | csiph.com!3.us.feeder.erje.net!feeder.erje.net!news.linkpendium.com!news.linkpendium.com!panix!usenet.stanford.edu!not-for-mail |
|---|---|
| From | Roland Illig <roland.illig@gmx.de> |
| Newsgroups | gnu.bash.bug |
| Subject | possible buffer overflow by bad translation |
| Date | Sun, 15 Sep 2019 20:24:20 +0200 |
| Lines | 17 |
| Approved | bug-bash@gnu.org |
| Message-ID | <mailman.295.1568571866.2190.bug-bash@gnu.org> (permalink) |
| References | <7e38edcd-b44f-3287-1406-c7353a74109b@gmx.de> |
| NNTP-Posting-Host | lists.gnu.org |
| Mime-Version | 1.0 |
| Content-Type | text/plain; charset=utf-8 |
| Content-Transfer-Encoding | 7bit |
| X-Trace | usenet.stanford.edu 1568571867 30550 209.51.188.17 (15 Sep 2019 18:24:27 GMT) |
| X-Complaints-To | action@cs.stanford.edu |
| To | bug-bash@gnu.org |
| Envelope-to | bug-bash@gnu.org |
| DKIM-Signature | v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net; s=badeba3b8450; t=1568571861; bh=uSuAd2fy0Q/r++6/C7r44e8nHCR+JaJQbd1QgTH01rw=; h=X-UI-Sender-Class:To:From:Subject:Date; b=H2MRHx+MR2vuzw1IncInKgL62fJyFYTXpR5lLu6zL7OEncXPcEuyxl4N3LjniOUeu T5CXB+Dxi12yRrcW7D5uZomI83x+iGNIOOOVwbNZ3nY41SPfn4tW1NYOxDl2h7bZ93 xuWSNec9T6YjzkH8ZqBCzTwKYTwvnQ7nzlncizU0= |
| X-UI-Sender-Class | 01bb95c1-4bf8-414a-932a-4f6e2808ef9c |
| Openpgp | preference=signencrypt |
| Autocrypt | addr=roland.illig@gmx.de; prefer-encrypt=mutual; keydata= mQINBFTDftcBEAC9aYSp8L57/Zp/ToQ8OMRNIoBqNNWF6pygl58AW1uiL8ewruCBWVpROvjR zpccRHhpLNu/HqOI70F2Lr1EMIfNgKTNWjAoVEg/NM6JtyPP46p3KHJDNENCCgNBAlQtsJyn 4eH66hGuEUXngSEs9FGJIBFb/dWx3Bmk4EbGsPb7wjUqu69iXiTcq0BB/kFsvQdtWpfeAMO+ V/wpcP0k9/PLM7Njfl3dCeHGqXfEoEksmpFLjqWgn7TVZphcfQqOTRBO4eBJV1Nj+9qfuVRN 8w2ZMtZrcBAb5P1KuSN5szL/xZ/HV/xKsaIkdYKOaRg4IvYFdXb5oXLVJEYTz6pGLmGrVrP7 GGtVJGdkxQxMthtiG2lxhG2aFKZoJr2JGNEN9p5e6tmQnkuIheUQm/RSG2s1NcaDk3Oje3RD X6S7KwsWfXvKejhQqRu7XW9k6WcbGyjIZRDulkXZ4EuBL9rJA/1OkNUU1b91mFlyIrBQyrT/ douwRCtwfMxC5RshA4PpXXdr6wD987n3yzVRzv5kODlMYg5huN7YLnhaseC+5hfGCx7Icf9e 1rB+a7TvnWmDiOY0oITnC6A+IX/8UebkhAjdxi5ZMY7Mzzk5Iak4hgsQod+M9UoEfRMZ5v3R kDfZvvqF3nOx32oa129czT5OYSzhuZJIw5KSeDJ6P1maPJHa8wARAQABtCJSb2xhbmQgSWxs aWcgPHJvbGFuZC5pbGxpZ0BnbXguZGU+iQI+BBMBAgAoBQJUw37XAhsjBQkJZgGABgsJCAcD AgYVCAIJCgsEFgIDAQIeAQIXgAAKCRBK0bmztFpY8LsBD/0bwYpdETviRgEehQ18IQKNXc7O C6a8ygDDjA4Z/JPAFcC+paknwOiCvBR/upXrdwo3bLC4r12IsJ12zGQKkjMaJ1GhqR7yFzD7 hDIpFdbdD+PQGHSCLNawzYRry168mtwAZ/1Bl8T+b5K/qhV+tKuAjhSnTtCsagSTdsCFEcaM gDEAyyyf/Uwk3ARR4uK//gp0nvaRnJH/Uy4QRAXVuVeG9coa9B3+L3WJQHv33RnHVsfiECdO Jbo2wJjpnTWP1g1tjOBWQhl5gn6WCtOwDZHe0vqINpm8n3W/LGAsvOS47XfLM1lK2j/ZPgTx SYKbUN6T3lk1FhFqtHEK7aOXvu2KcfehTC2mZo7JQu/BI4iNgPbSG7/tb+2PqTwkuhkWCFch 1XJOIT1pplJjRVf/oNmHAMpCxXHAV8D1L9pTWexyneor4jnawrhn32fdYyL30UYSRienNA3M LNWcPfoa3oHzsjogSFxfQMZc1dQJ28MCKJE5v1iAzyE3Em9QrmQMRsrgAUaPhJZPeFQ8Rwm+ 9Mg9I4z0aiqEacYtgi93bYFbLEl+BTeqk+a/mGHT29KBQf7VwQKW+zgX5HtY2iXZSHHblhkc a38G62jrgrmLf1QupVYe971gLtjomD75GSc3ZQwkjZt2G28o0N5XN94rd1zDrsAKz/B7RUPW 6RV4to7RDbkCDQRUw37XARAAxLgrihdVjY3oOOhyepsqy1E4slLyV6TjVqYlxxKl/QCHVxAf 5x5r+ZE8Y69GU0k9PBfeonK1q3eiVw00/mDy7qvloKqg7w0hjQjuaZb+GeB9CyEcGeGk01Ei mkFE/voRPz8BsJgtRafwTfOuMa6jeTINYG3TVizGvji+kXNBsb/woOhLF3ywAp8Nuw58SyxU vjAMZZmKe64IllsDRN7+p4wauXv55alTPX8vYk65bYxHT7iqbOn9UyEoWWleifhggPXoM6AU 7WRKX5nugiaOJ0yQz9FssQzrL405hiQ2QY568RYKkBsgyl3Vm0Ca4/KgCNbATktYLKSzVGiL s/nkIhWBhr+bUsTKQUSDh6MIqLdJXf+yI0Nn4OJUeJohzBCNDAHyw0GJpB1B4PId5nC+9WmB 61q6xtUugFoG7kIa9njky3RY6ZWcooEZblGIT9m/1Qz+VpC/28D1OT1554v8VV9rd0QV8gdi k2OYDhScmltS9YVSjrsXoYaxDMw252ks8chC5vUNvLcI0B3JSV765UO3NIqRFgKtYL0E22Uy 2WbzjMQHyWjz0fKgSCZCBB4X1rBau3U86Z2WobHARVvrbEHhGJIbCHVfM+dvF93EUGCtA1Ru aReqRidcf6sV4ZJfDQjzCnnzzcpt0N8xjIK3ZKVSoTzECUV4OIi71p4u4Q0AEQEAAYkCJQQY AQIADwUCVMN+1wIbDAUJCWYBgAAKCRBK0bmztFpY8EeRD/0UzV8+0WT1eCdsGaSjtKhF9DtI eVlPiE8taBzAnPrYAwSoXikK9KJ5oVFfD8lxwkFkUD35liHkTWWvH8N9+j6wCNhMBtV3dJw8 JSM8l/DO6WHhoe+YsMMW1Taz33WzeNba99JhJi7fk0w5hJjBeLIxXPgoW8bJTBzl8wqHkeKb DSFayx6apEOS8n8Oi63DOTTW/NgnN2IjcwT8UNZ+Tuc5JJI12sOvvkkBh0oYKqbyxx0uJeJP rvczWm1Q04HrG0Ycp3WgoeE1jhi5i1ahLw/bA4wMy1dfcRJN6MBSDABGtb4AL2DAKB0M7qGM GtjRJrgngmkTUclhHJI1KteQ+kJNWYsIGmZLTABQ6nn+dFzznZ7L4lCeiYA2QFO9wKSK7780 MtiZtbqiQ0HXpaI+CtekPKQXBektZdyqmks8Y4gXkH0LMI/0q3wpmznnL4VVk4dRZMW6M615 O7kzQIuUKgBYwAHRNJA4k8PtDx/sqmIiedunwTM+00otwOHEKEIo3wVQnI9XuMb+gQt0cJQV qwsQYI+OJD70PDeWnsjRyQAaBpoPn1P28Ixa6+S0Zwp9rrOLhWnKsyV/SleboL6+u4JUNOCq vG70x7k4DE7Z+6NMMKgkWyiEo+fUgDkAdo8wrTwClzP58UTta149JPwzmXMzH+8FUazUfa3l gUCywTy00g== |
| User-Agent | Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0 |
| Content-Language | de-DE |
| X-Provags-ID | V03:K1:J5Vlb625YGAmUg6J0Qz0MsbWIeKw8km9GpSBbqHwxnNm5HP10mz 7n+4gxDLXKccZDmQgVTQpfTRBToNAbZ+PU1SJa+btZ5nA66vjxgYBcck0zGsgGLuJQHQHVk WyJptbUJ76kMxUUoCri+uNUl1wFpuyr1rXS86cfY1WqNsVV7DmjxdjBZU2++GY62/WAUZpu PPZ3LcNWYRscIdokOaGUg== |
| X-UI-Out-Filterresults | notjunk:1;V03:K0:bddw5dvNVUk=:Qjyha/DOa+ac/p+K7fDa6W KLmWE/7uo4I9c5Dgumy3Vpq1OtdZUUC9qc9xTNAgPJKHXtui/xhgnAfe8L2+hbkaKs+I3Haos WZ/YNWsZ674BR1kkLSwua50bZCQKdS7oU0kY+dhCppTJJdnPdmdJSrQeYiC9LphlHbvY+LJKq Pia4tQV/zj99Z10hvyqSuSKgKL/0hBvYjwkqUF+NYZ8idRk3jQrgzhVNHNoomLgUKX4Q/qXDR 7CevBz6QuE4wkCXE6/99pLkrwQl0HNsrbWa7ckJGnCYb85SbEj5lJSmTLcFtlyBERnZkiN9LZ 2cNTF17i5s7z8eUfOhnVcCIOaIEnqTLCYpEiNCv0B+0L/8VijFv2Hvm/d58BvDseNN3PZ54WS 5olx/ek2Xta0vbRgBF8OPBtsTu9tdDI2XTD0wQsghpCl0jIMqaUbIlV7UWUu4Xss1zvQDYbGo dKnRnzfbqC/cy7NP7XNjlbol1g7exmnwtSx+y1MGJp+Y05Bt38rD6Mp0TCLCFejj8onhOu1bQ lgQnAxj/gBgfZp19xG7GCQ14CzJkxf7Ong3dZPTHJqLS7PhT9cHANRlFjat+Y6Vp7X6SZ4Lnd NRBqxxIoTCnVSCjoMM5lvLvD1Wz9l04IdfWQtxwMJ72J5/9IpT61i2CKqU2G2lWLFrb9Nc5fY zkhIfN63QIB+TcLSIaMawcYSTnbUzGZ9jLjhXrnAoz5ms3oA6TyqUqJQlKFWdTXBGck4M+2Mk MPQJRt7c2n++28KXbbkNDm0DigxGjlyqefvLra3t+xrAzKyI9pYmLblzCvhCzJF2amhvRGh2d 4++LaovK8aJ5q3M6GlZajw6ymu2NnQKVzF9tqBzVl7jVBqlfmxjW5IYQK6jpfQUqyccIPsrTv V9JVvvcO3hw/ft95ilfbPrEQw6NnSk626cLBKZgPI8Z4hjv5gTxGqm1rmITZg/w0SXSgOMq9y +SMCHrDrQkqQVAHK2QLLOsR7LaIXYLzbBpoHj8it08elkJP8N+Fe8qJD5c/m6CTfYQ4LS0iz4 NkIPDaKSZdWTsMR/L6hyCxifEBeuC/iQW0OQoHXflclkV+k8CpYH6//746IKlOw/Dtfl0sAQ2 BbCFuSTgNekRdn4XRXUySiCIDUl4P3Qhn+TGVLZaq1WBQJd6oa4szb11nh7/b6eeuAviyrEia B76P3xpmaZtlJ8WrU6RmZkzAG8eNPFmLetFS4bnIs3esAecaiwaPS/Qfl3uneLJk90tJ7RgR/ rqccljZN3VqYQRIQc7OxOIq70/ipxZPtw/KukiFtwbjtwA7t28IG++rAC4vU= |
| X-detected-operating-system | by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] |
| X-Received-From | 212.227.17.20 |
| X-BeenThere | bug-bash@gnu.org |
| X-Mailman-Version | 2.1.23 |
| Precedence | list |
| List-Id | Bug reports for the GNU Bourne Again SHell <bug-bash.gnu.org> |
| List-Unsubscribe | <https://lists.gnu.org/mailman/options/bug-bash>, <mailto:bug-bash-request@gnu.org?subject=unsubscribe> |
| List-Archive | <https://lists.gnu.org/archive/html/bug-bash> |
| List-Post | <mailto:bug-bash@gnu.org> |
| List-Help | <mailto:bug-bash-request@gnu.org?subject=help> |
| List-Subscribe | <https://lists.gnu.org/mailman/listinfo/bug-bash>, <mailto:bug-bash-request@gnu.org?subject=subscribe> |
| X-Mailman-Original-Message-ID | <7e38edcd-b44f-3287-1406-c7353a74109b@gmx.de> |
| Xref | csiph.com gnu.bash.bug:15363 |
Show key headers only | View raw
>From siglist.c:
sys_siglist[i] =
(char *)xmalloc (10 + strlen (_("Unknown Signal #")));
sprintf (sys_siglist[i], _("Unknown Signal #%d"), i);
If the translator doesn't look at the code using these two messages,
they may be translated in a totally different way. Luckily, in the
current German translation, the malloc string is only one character
shorter than the sprintf string, therefore this bug would only cause
undefined behavior for very large signal numbers.
Nevertheless, this must be fixed. The same string must be used for
xmalloc and sprintf. What about the standard pattern of using snprintf
with a null pointer first, to determine the actually needed memory?
Back to gnu.bash.bug | Previous | Next | Find similar | Unroll thread
possible buffer overflow by bad translation Roland Illig <roland.illig@gmx.de> - 2019-09-15 20:24 +0200
csiph-web