Re: [remote] [control] NASM 0.98.38 error() overflows buff[]

Stanislav Karchebny wrote:
> On Wednesday 15 December 2004 13:20, D. J. Bernstein wrote:
>
>
> > Here's the bug: In preproc.c, error() uses an unprotected vsprintf() to
> > copy data into a 1024-byte buff[] array.
> >
> > ---D. J. Bernstein, Associate Professor, Department of Mathematics,
> > Statistics, and Computer Science, University of Illinois at Chicago
>
>
> Thank you D.J.! We will fix it asap.

I've fixed it by using vsnprintf() instead.  While I was in there, I 
also changed all of the unsafe sprintf() calls to safer snprintf() 
calls.  Files affected were: preproc.c, disasm.c, ndisasm.c, listing.c, 
labels.c, nasm.c, and disasm.h.

Ed



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/