This repository was archived by the owner on Jun 1, 2023. It is now read-only.
An sv argument index may not exceed INT_MAX, as this is a stack offset. Allowing ulong is a severe security risk, recently introduced with 5.27.6 upstream to sprintf. Even ulong_max/4 is way too large.
The same can be said for width and precision fields, which should be limited to INT_MAX.
Floating point precision is internally limited to 6-32 (FLT128_DIG), so limit this value to 1024. The current limit is INT_MAX resp. ULONG_MAX with perl5.27.6, which leads to "panic: memory wrap" and out-of-memory errors.
cperl should not be easily DoS-able. Overlong strings >2G in length need to be constructed otherwise.
Fix the API to use proper types.
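
The limits described in the commit message above, sketched as a bounded parser for a simplified `%[index$][width][.precision]conv` directive. This is an added example, not cperl's or perl's own code; `parse_bounded`, `parse_spec`, `struct fmt_spec` and the `FMT_MAX_*` names are hypothetical, and flags, `*` and size modifiers are left out.

```c
#include <limits.h>
#include <stddef.h>
#include <string.h>

#define FMT_MAX_FIELD    INT_MAX  /* argument index, width, precision */
#define FMT_MAX_FLT_PREC 1024     /* floating-point precision cap from the text */

struct fmt_spec { int index, width, precision; char conv; };

/* Parse decimal digits at *pp. Returns 1 and advances *pp on success, 0 if
 * there are no digits, -1 if the value would exceed `limit`. The bound is
 * tested before the multiply-add, so `v` can never wrap. */
static int parse_bounded(const char **pp, const char *end, int limit, int *out)
{
    const char *p = *pp;
    int v = 0;
    if (p >= end || *p < '0' || *p > '9')
        return 0;
    for (; p < end && *p >= '0' && *p <= '9'; p++) {
        int d = *p - '0';
        if (v > (limit - d) / 10)
            return -1;
        v = v * 10 + d;
    }
    *pp = p;
    *out = v;
    return 1;
}

/* Parse one simplified directive. Returns 0 if accepted, -1 if it is
 * malformed or any numeric field is over its limit. */
static int parse_spec(const char *s, struct fmt_spec *fs)
{
    const char *p = s, *end = s + strlen(s);
    int n = 0, r;
    fs->index = fs->width = 0; fs->precision = -1; fs->conv = 0;
    if (p >= end || *p++ != '%') return -1;
    if ((r = parse_bounded(&p, end, FMT_MAX_FIELD, &n)) < 0) return -1;
    if (r && p < end && *p == '$') {        /* the digits were an argument index */
        fs->index = n; p++;
        if ((r = parse_bounded(&p, end, FMT_MAX_FIELD, &n)) < 0) return -1;
    }
    if (r) fs->width = n;
    if (p < end && *p == '.') {
        p++; fs->precision = 0;             /* "." with no digits means 0 */
        if (parse_bounded(&p, end, FMT_MAX_FIELD, &fs->precision) < 0) return -1;
    }
    if (p >= end) return -1;                /* no conversion character */
    fs->conv = *p;
    if (strchr("eEfFgGaA", fs->conv) && fs->precision > FMT_MAX_FLT_PREC) return -1;
    return 0;
}
```

Rejecting the directive at parse time means an oversized index never reaches the stack-offset arithmetic and an oversized precision never reaches the buffer-size calculation.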