1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
|
Description: Fix for CVS-2018-20004
From https://github.com/michaelrsweet/mxml/commit/4f5577dd4672d228e4180f06bdbd66f343ea45e0#diff-d496945b915e8b08736787aca9e8df5a
Author: Michael R. Sweet
Bug-Origin: https://bugs.debian.org/918007
Index: mxml-2.12/CHANGES.md
===================================================================
--- mxml-2.12.orig/CHANGES.md
+++ mxml-2.12/CHANGES.md
@@ -1,3 +1,8 @@
+# Changes in Mini-XML CURRENT
+
+- Fixed a potential buffer overflow when writing floating point data
+ (Issue #233)
+
# Changes in Mini-XML 2.12
- Added yet more documentation about using `MXML_OPAQUE_CALLBACK` when you want
Index: mxml-2.12/mxml-file.c
===================================================================
--- mxml-2.12.orig/mxml-file.c
+++ mxml-2.12/mxml-file.c
@@ -2881,7 +2881,7 @@ mxml_write_node(mxml_node_t *node, /
col ++;
}
- sprintf(s, "%d", current->value.integer);
+ snprintf(s, sizeof(s), "%d", current->value.integer);
if (mxml_write_string(s, p, putc_cb) < 0)
return (-1);
@@ -2911,7 +2911,7 @@ mxml_write_node(mxml_node_t *node, /
col ++;
}
- sprintf(s, "%f", current->value.real);
+ snprintf(s, sizeof(s), "%f", current->value.real);
if (mxml_write_string(s, p, putc_cb) < 0)
return (-1);
|
