aboutsummaryrefslogtreecommitdiff
path: root/ChangeLog
diff options
context:
space:
mode:
authorPaul Pluzhnikov <ppluzhnikov@google.com>2015-02-06 00:30:42 -0500
committerCarlos O'Donell <carlos@systemhalted.org>2015-02-06 00:34:51 -0500
commit5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06 (patch)
treea77a8efbf88a4eed15cfefe4e5d570d380985c1c /ChangeLog
parent04cb913ddf67ac90da274dd32b6ceafd57ca36ca (diff)
downloadglibc-5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06.tar
glibc-5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06.tar.gz
glibc-5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06.tar.bz2
glibc-5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06.zip
CVE-2015-1472: wscanf allocates too little memory
BZ #16618 Under certain conditions wscanf can allocate too little memory for the to-be-scanned arguments and overflow the allocated buffer. The implementation now correctly computes the required buffer size when using malloc. A regression test was added to tst-sscanf.
Diffstat (limited to 'ChangeLog')
-rw-r--r--ChangeLog8
1 files changed, 8 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 4916b03d0b..d23d3ae926 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2015-02-05 Paul Pluzhnikov <ppluzhnikov@google.com>
+
+ [BZ #16618]
+ * stdio-common/tst-sscanf.c (main): Test for buffer overflow.
+ * stdio-common/vfscanf.c (_IO_vfscanf_internal): Compute needed
+ size in bytes. Store needed elements in wpmax. Use needed size
+ in bytes for extend_alloca.
+
2015-02-05 Carlos O'Donell <carlos@systemhalted.org>
* manual/install.texi: Latest tested versions are GCC 4.9.2,