| From | Roland Illig <roland.illig@gmx.de> |
|---|---|
| Newsgroups | gnu.bash.bug |
| Subject | possible buffer overflow by bad translation |
| Date | 2019-09-15 20:24 +0200 |
| Message-ID | <mailman.295.1568571866.2190.bug-bash@gnu.org> (permalink) |
| References | <7e38edcd-b44f-3287-1406-c7353a74109b@gmx.de> |

From siglist.c:

    sys_siglist[i] =
      (char *)xmalloc (10 + strlen (_("Unknown Signal #")));
    sprintf (sys_siglist[i], _("Unknown Signal #%d"), i);

If the translator doesn't look at the code using these two messages,
they may be translated in a totally different way. Luckily, in the
current German translation, the malloc string is only one character
shorter than the sprintf string, therefore this bug would only cause
undefined behavior for very large signal numbers.

Nevertheless, this must be fixed. The same string must be used for
xmalloc and sprintf. What about the standard pattern of using snprintf
with a null pointer first, to determine the actually needed memory?
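
The measure-then-allocate pattern the post asks about, as an added example (not code from bash or from the post). The function names and the second label/format pair are constructed for illustration and are not real catalog entries.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bytes reserved by the siglist.c sizing rule: 10 + strlen(label). */
size_t reserved_bytes(const char *label) {
    return 10 + strlen(label);
}

/* Bytes the formatted message really needs, including the NUL.
 * snprintf with a null buffer and size 0 only measures (C99). */
size_t needed_bytes(const char *fmt, int signo) {
    int n = snprintf(NULL, 0, fmt, signo);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Size the buffer from the same string that is later formatted,
 * so two independently translated messages cannot disagree. */
char *format_signal_name(const char *fmt, int signo) {
    int n = snprintf(NULL, 0, fmt, signo);
    if (n < 0)
        return NULL;                      /* encoding error */
    char *buf = malloc((size_t)n + 1);
    if (buf == NULL)
        return NULL;
    snprintf(buf, (size_t)n + 1, fmt, signo);
    return buf;                           /* caller frees */
}

int main(void) {
    /* Constructed pair standing in for two messages that were
     * translated independently of each other. */
    const char *label = "Signal #";
    const char *fmt = "Unrecognised signal number %d";

    printf("reserved=%zu needed=%zu\n",
           reserved_bytes(label), needed_bytes(fmt, 64));

    char *s = format_signal_name(fmt, 64);
    if (s != NULL) {
        puts(s);
        free(s);
    }
    return 0;
}
```
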