[cups.bugs] [CRIT] STR #2665: asn1_get_string uses buffer where *buffer is expected
Yannick Moy
y_moy at yahoo.fr
Fri Jan 11 10:04:46 PST 2008
DO NOT REPLY TO THIS MESSAGE. INSTEAD, POST ANY RESPONSES TO THE LINK BELOW.
[STR New]
From the patch for STR #2589, I run my analyzer on the code, and buffer is
used where *buffer should be, in the last case, when the string is larger
than the buffer.

    if (length < strsize)
    {
      memcpy(string, *buffer, length);
      string[length] = '\0';
    }
    else
    {
      memcpy(string, buffer, strsize - 1);   /* <<<<<< HERE */
      string[strsize - 1] = '\0';
    }

    (*buffer) += length;

Link: http://www.cups.org/str.php?L2665
Version: 1.3.4
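
The effect of the two source arguments in the truncation branch, as an added example that is not part of the original report and is not CUPS code: `get_string` is a hypothetical, simplified stand-in with an assumed signature, and the packet bytes are constructed. The output buffer is kept small enough that the reported variant only reads the bytes of the caller's pointer variable.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the branch quoted in the report (not CUPS code).
 * fixed == 0 reproduces the reported line, fixed != 0 copies from *buffer. */
static void get_string(unsigned char **buffer, size_t length,
                       char *string, size_t strsize, int fixed)
{
  if (length < strsize)
  {
    memcpy(string, *buffer, length);
    string[length] = '\0';
  }
  else
  {
    /* Reported form: the source is the pointer variable itself, so the
     * bytes copied are the address stored in it, not the packet data. */
    memcpy(string, fixed ? (const void *)*buffer : (const void *)buffer,
           strsize - 1);
    string[strsize - 1] = '\0';
  }
  (*buffer) += length;
}

/* Returns 1 if the truncated string holds packet data, 2 if it holds the
 * bytes of the caller's pointer, 0 for neither, -1 if the cursor is wrong.
 * strsize - 1 is 4 here, which is <= sizeof(pointer), so the reported
 * variant stays a defined read of the pointer's object representation. */
static int truncated_copy_source(int fixed)
{
  unsigned char packet[] = "ABCDEFGHIJKLMNOP"; /* constructed sample */
  unsigned char *cursor = packet;
  unsigned char *before = cursor;              /* same value as cursor */
  char out[5];

  get_string(&cursor, 16, out, sizeof(out), fixed);
  if (cursor != packet + 16) return -1;        /* advances by length */
  if (memcmp(out, "ABCD", 4) == 0) return 1;   /* packet data */
  if (memcmp(out, &before, 4) == 0) return 2;  /* bytes of the pointer */
  return 0;
}

int main(void)
{
  printf("reported line: %d\n", truncated_copy_source(0));
  printf("with *buffer:  %d\n", truncated_copy_source(1));
  return 0;
}
```

With a larger `strsize`, the reported form reads past the pointer variable into whatever follows it in the caller's memory.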