- fix yet another vsprintf buffer overflow (#152963)

2005-04-04 14:01:57 +00:00 · 2005-04-04 14:01:57 +00:00 · de04caba94
commit de04caba94
parent 2a058b6ba7
2 changed files with 17 additions and 1 deletions
--- a/nasm-0.98.39-overfl.patch
+++ b/nasm-0.98.39-overfl.patch
@ -0,0 +1,11 @@
+--- nasm-0.98.39/output/outieee.c.overfl	2005-01-15 23:16:08.000000000 +0100
+++ nasm-0.98.39/output/outieee.c	2005-04-01 12:55:17.231530832 +0200
+@@ -1120,7 +1120,7 @@ static void ieee_putascii(char *format, 
+     va_list ap;
+ 
+     va_start(ap, format);
+-    vsprintf(buffer, format, ap);
+    vsnprintf(buffer, sizeof(buffer), format, ap);
+     l = strlen(buffer);
+     for (i = 0; i < l; i++)
+         if ((buffer[i] & 0xff) > 31)
--- a/nasm.spec
+++ b/nasm.spec
@ -1,8 +1,9 @@
 Summary: A portable x86 assembler which uses Intel-like syntax.
 Name: nasm
 Version: 0.98.39
-Release: 1
+Release: 2
 Patch0: nasm-0.98-boguself2.patch
+Patch1: nasm-0.98.39-overfl.patch
 License: LGPL
 Group: Development/Languages
 Source: http://prdownloads.sourceforge.net/nasm/nasm-%{version}.tar.bz2
@ -37,6 +38,7 @@ include linker, library manager, loader, and information dump.
 %prep
 %setup
 #%patch0 -p1 -b .boguself
+%patch1 -p1 -b .overfl

 %build
 %configure
@ -88,6 +90,9 @@ fi
 %{_bindir}/rdx

 %changelog
+* Fri Apr 01 2005 Jindrich Novy <jnovy@redhat.com> 0.98.39-2
+- fix yet another vsprintf buffer overflow (#152963)
+
 * Thu Mar 31 2005 Jindrich Novy <jnovy@redhat.com> 0.98.39-1
 - update to 0.98.39
 - add BuildRequires ghostscript, texinfo to doc subpackage (#110584)