[PATCH] Fix potential heap corruption in "gpg -v --version"

Werner Koch wk at gnupg.org
Tue Oct 30 11:08:13 CET 2012


On Sat, 27 Oct 2012 22:07, ldv at altlinux.org said:

> In multibyte locales translated strings are usually longer (in bytes) than
> in C locale.  The 1st argument of build_list() is a translated string.

Okay, that is the keyword which makes it clear.

> Besides that, build_list() does other funny things with memory allocation
> and string operations, e.g. its only purpose of doing "xmalloc( 21 + n )"
> is confusing an observer because it doesn't need these extra 21 bytes,

I'll look at this too.

> Do you want a patch for tests/openpgp/version.test that would invoke "gpg
> -v --version" in a multibyte locale?  It would have to use po/*.mo files,

No.  That is currently too complicated.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
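
An added illustration of the point quoted in the message above, that a translated string takes more bytes in a multibyte locale than its character count suggests. It is not code from this thread or from GnuPG: build_list_sized(), utf8_chars() and the sample strings are hypothetical and constructed for the example, and the buffer is sized from measured byte lengths rather than a fixed allowance.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample data: a UTF-8 label standing in for a translated
 * string (not taken from GnuPG's po files) and a few list items. */
static const char SAMPLE_PREFIX[] = "\xD0\xA8\xD0\xB8\xD1\x84\xD1\x80: ";
static const char *const SAMPLE_ITEMS[] = { "AES", "CAST5", "TWOFISH" };

/* Count UTF-8 code points: every byte that is not a 10xxxxxx continuation. */
static size_t utf8_chars(const char *s)
{
    size_t n = 0;
    for (; *s; s++)
        if (((unsigned char)*s & 0xC0) != 0x80)
            n++;
    return n;
}

/* Hypothetical list builder: returns "<prefix>a, b, c" in a heap buffer
 * sized from the measured byte lengths of every input, so a longer
 * translation can never outgrow the allocation. Caller frees. */
static char *build_list_sized(const char *prefix,
                              const char *const *items, size_t count)
{
    size_t need = strlen(prefix) + 1;          /* prefix + NUL */
    for (size_t i = 0; i < count; i++)
        need += strlen(items[i]) + 2;          /* item + ", " */

    char *buf = malloc(need);
    if (!buf)
        return NULL;

    size_t off = (size_t)snprintf(buf, need, "%s", prefix);
    for (size_t i = 0; i < count; i++)         /* bounded by need - off */
        off += (size_t)snprintf(buf + off, need - off, "%s%s",
                                i ? ", " : "", items[i]);
    return buf;
}

int main(void)
{
    char *line = build_list_sized(SAMPLE_PREFIX, SAMPLE_ITEMS, 3);
    if (!line)
        return 1;
    printf("%zu chars, %zu bytes: %s\n", utf8_chars(SAMPLE_PREFIX),
           strlen(SAMPLE_PREFIX), line);
    free(line);
    return 0;
}
```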



