[AD] 4.9.2 buffer overflow?

[ Thread Index | Date Index | More lists.liballeg.org/allegro-developers Archives ]

To: Coordination of admins/developers of the game programming library Allegro <alleg-developers@xxxxxxxxxx>
Subject: [AD] 4.9.2 buffer overflow?
From: AJ <aj@xxxxxxxxxx>
Date: Tue, 29 Jan 2008 23:27:27 +1100

/4.9.2/src/win/wsystem.c

in function:

char *win_err_str(long err)
{
  static char msg[256];

  FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, err,
                MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
                (LPTSTR)&msg, 0, NULL);

  return msg;
}

MSDN says that 2nd to last arg, '0' should be the length of the msgbuffer in TCHARS.the above may have worked out of sheer luck, any message with >256TCHARs has potential for overflow.

Messages sorted by: [ date | thread ]
Prev by Date: [AD] a5_font.h
Next by Date: [AD] 64bit ready?
Previous by thread: Re: [AD] a5_font.h
Next by thread: [AD] 64bit ready?

Mail converted by MHonArc 2.6.19+

http://listengine.tuxfamily.org/