--On Donnerstag, 15. September 2005 13:16 +0200 Radek Vokál <rvokal@redhat.com> wrote:
Hi Peter,
again looking into the code, I found another stack corruption :) It's rather stupid off by one for tempstring when you forget about ending \0:
--- ipv6calc/showinfo.c~ 2005-09-15 12:49:22.467626560 +0200 +++ ipv6calc/showinfo.c 2005-09-15 12:49:22.467626560 +0200 @@ -286,7 +286,7 @@ #define DEBUG_function_name "showinfo_ipv6addr" int showinfo_ipv6addr(const ipv6calc_ipv6addr *ipv6addrp1, const uint32_t formatoptions) { int retval = 1, i, j, flag_prefixuse, registry; - char tempstring[NI_MAXHOST] = "", helpstring[NI_MAXHOST] = ""; + char tempstring[NI_MAXHOST+1] = "", helpstring[NI_MAXHOST+1] = ""; ipv6calc_ipv6addr ipv6addr, *ipv6addrp; ipv6calc_ipv4addr ipv4addr; ipv6calc_macaddr macaddr;
Also using of
snprintf(helpstring, sizeof(tempstring), "%s,", tempstring);
is not very nice but here sort of harmless because helpstring and tempstring are the same size. But it's not so right anyway ..
Unfortunately, this bug is everywhere...no wonder that showinfo crashed also by me...will fix them now all. Peter -- Dr. Peter Bieringer http://www.bieringer.de/pb/ GPG/PGP Key 0x958F422D mailto: pb at bieringer dot de Deep Space 6 Co-Founder and Core Member http://www.deepspace6.net/