https://bugzilla.novell.com/show_bug.cgi?id=733140

https://bugzilla.novell.com/show_bug.cgi?id=733140#c0

Summary: glibc sprintf crashes if there are too many format strings
Classification: openSUSE
Product: openSUSE 12.1
Version: Final
Platform: All
OS/Version: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Basesystem
AssignedTo: bnc-team-screening@forge.provo.novell.com
ReportedBy: bartoschek@or.uni-bonn.de
QAContact: qa@suse.de
Found By: ---
Blocker: ---

Created an attachment (id=464383)
 --> (http://bugzilla.novell.com/attachment.cgi?id=464383)
Program showing the problem

User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.121 Safari/535.2

I have a program that crashes only on opensuse 12.1 and not on opensuse 11.2, 11.3 and 11.4. The crash occurs in sprintf.

Rich Coe is our hero, because he was able to isolate the problem and wrote a small program that shows the crash. See the attached file on how to reproduce the problem.

I think the issue also has a high security impact, because programs that rely on a working sprintf might use this hole to overwrite arbitrary memory.

Reproducible: Always

Steps to Reproduce:
1. Compile the attached program
2. Run it.

Actual Results:
It crashes.

Expected Results:
A path is printed and no crash occurs.