Commit e37b620

Issue #767: Buffer overflow printing a filename
The safe_fprintf function attempts to ensure clean output for an arbitrary sequence of bytes by doing a trial conversion of the multibyte characters to wide characters -- if the resulting wide character is printable then we pass through the corresponding bytes unaltered, otherwise, we convert them to C-style ASCII escapes. The stack trace in Issue #767 suggests that the 20-byte buffer was getting overflowed trying to format a non-printable multibyte character. This should only happen if there is a valid multibyte character of more than 5 bytes that was unprintable. (Each byte would get expanded to a four-character octal-style escape of the form "\123" resulting in >20 characters for the >5 byte multibyte character.) I've not been able to reproduce this, but have expanded the conversion buffer to 128 bytes on the belief that no multibyte character set has a single character of more than 32 bytes.
1 parent 36bb164 commit e37b620

1 file changed: +1 -1 lines changed


Diff for: tar/util.c

@@ -182,7 +182,7 @@ safe_fprintf(FILE *f, const char *fmt, ...)
182182
}
183183

184184
/* If our output buffer is full, dump it and keep going. */
185-
if (i > (sizeof(outbuff) - 20)) {
185+
if (i > (sizeof(outbuff) - 128)) {
186186
outbuff[i] = '\0';
187187
fprintf(f, "%s", outbuff);
188188
i = 0;
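
Review bot: The new margin in `if (i > (sizeof(outbuff) - 128))` is still a bare magic number whose safety depends on facts this hunk does not enforce: that `outbuff` is comfortably larger than 128 bytes, and that one converted character never expands past 128 bytes. Because `sizeof` yields an unsigned type, a smaller `outbuff` would make the subtraction wrap and the flush would never fire. Consider a named constant derived from the worst case the commit message reasons about (four output bytes per input byte, for example `4 * MB_LEN_MAX + 1` from `<limits.h>`), plus a compile-time check that `sizeof(outbuff)` exceeds it. Since the overflow was not reproduced, a per-character guard that flushes whenever the remaining space is less than the bytes about to be written would hold without relying on the 32-byte belief. The comment above the check could also state why the margin exists, since "If our output buffer is full" no longer describes a test that trips 128 bytes early.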
