[PATCH] Fix potential heap corruption in "gpg -v --version"
wk at gnupg.org
Tue Oct 30 11:08:13 CET 2012
On Sat, 27 Oct 2012 22:07, ldv at altlinux.org said:
> In multibyte locales translated strings are usually longer (in bytes) than
> in C locale. The 1st argument of build_list() is a translated string.
Okay, that is the keyword which makes it clear.
> Besides that, build_list() does other funny things with memory allocation
> and string operations, e.g. its only purpose of doing "xmalloc( 21 + n )"
> is confusing an observer because it doesn't need these extra 21 bytes,
I'll look at this too.
> Do you want a patch for tests/openpgp/version.test that would invoke "gpg
> -v --version" in a multibyte locale? It would have to use po/*.mo files,
No. That is currently too complicated.
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gnupg-devel