| 123456789101112131415161718192021222324252627282930313233 |
- From 5d0c6565bab5b9b7efceb33b626916d22b4101a7 Mon Sep 17 00:00:00 2001
- From: Nick Wellnhofer <wellnhofer@aevum.de>
- Date: Thu, 28 Apr 2016 17:34:27 +0200
- Subject: [PATCH] Fix buffer overflow in exsltDateFormat
- Long years can overflow a stack-based buffer on 64-bit platforms by
- up to four bytes.
- Thanks to Nicolas Gregoire for the report.
- Fixes bug #765380:
- https://bugzilla.gnome.org/show_bug.cgi?id=765380
- ---
- libexslt/date.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
- diff --git a/libexslt/date.c b/libexslt/date.c
- index 272c61b..12c9919 100644
- --- a/libexslt/date.c
- +++ b/libexslt/date.c
- @@ -1283,7 +1283,7 @@ exsltDateFormat (const exsltDateValPtr dt)
- }
-
- if (dt->type & XS_GYEAR) {
- - xmlChar buf[20], *cur = buf;
- + xmlChar buf[100], *cur = buf;
-
- FORMAT_GYEAR(dt->value.date.year, cur);
- if (dt->type == XS_GYEARMONTH) {
- --
- 2.8.1
|
