From d9f3adc04f69adebb1ec3a5deb30fab3978430bb Mon Sep 17 00:00:00 2001
From: Ralf Baechle
Date: Wed, 26 Jul 2017 00:48:03 +0200
Subject: call: Fix buffer overflow.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

When sending files of 1GB or larger, size_buffer was not large enough to hold the number including a trailing \0. This also fixes the following warning: gcc -DHAVE_CONFIG_H -I. -I.. -g -O2 -Wall -MT yapp.o -MD -MP -MF .deps/yapp.Tpo -c -o yapp.o yapp.c yapp.c: In function ‘yapp_upload_data’: yapp.c:200:24: warning: ‘%ld’ directive writing between 1 and 11 bytes into a region of size 10 [-Wformat-overflow=] sprintf(size_buffer, "%ld", length); ^~~ yapp.c:200:23: note: directive argument in the range [-2147483648, 2147483647] sprintf(size_buffer, "%ld", length); ^~~~~ yapp.c:200:2: note: ‘sprintf’ output between 2 and 12 bytes into a destination of size 10 sprintf(size_buffer, "%ld", length); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Ralf Baechle
---
 call/yapp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'call')

diff --git a/call/yapp.c b/call/yapp.c
index 8260ab0..cc61e90 100644
--- a/call/yapp.c
+++ b/call/yapp.c
@@ -191,7 +191,7 @@ static void Send_CN(char *reason)
 static void Send_HD(char *filename, long length)
 {
  char buffer[257];
- char size_buffer[10];
+ char size_buffer[12];
  int len_filename;
  int len_size;
  int len;
-- 
cgit v1.2.3
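Review bot: `char size_buffer[12]` is only large enough when `long` is 32 bits, which is the range the quoted GCC warning was computed for. Where `long` is 64 bits, `%ld` can emit up to 20 characters plus the terminator, so a large enough `length` would still overrun the array. Sizing it from the type, `char size_buffer[sizeof(long) * 3 + 2];`, removes the dependency on the platform. The `sprintf` call is outside this hunk and appears only in the commit message, but it looks like the write into this buffer; making it `snprintf(size_buffer, sizeof size_buffer, "%ld", length);` and checking the result would turn any remaining mismatch into a detectable truncation instead of a stack overwrite. Send_HD's body continues past the end of the hunk.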