[quake3-bugzilla] [Bug 4907] New: String overflow via [_]vsprintf

Tue Feb 15 17:23:00 EST 2011

https://bugzilla.icculus.org/show_bug.cgi?id=4907

           Summary: String overflow via [_]vsprintf
           Product: ioquake3
           Version: SVN HEAD
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: critical
          Priority: P3
         Component: Misc
        AssignedTo: zakk at icculus.org
        ReportedBy: mine at ukr.net
         QAContact: quake3-bugzilla at icculus.org

Created attachment 2613
  --> https://bugzilla.icculus.org/attachment.cgi?id=2613
partial fix

Looks like MSVC' implementation of [_]vsprintf() function doesn't put final
'\0' in case of text overflow - means resulting string becomes unterminated,
also it returns -1 in that case. Bug affects mingw builds too (imports
msvcrt.dll)

Suggested solution is for engine only atm

-- 
Configure bugmail: https://bugzilla.icculus.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.