Fix [bad6cc213d]: A format string vulnerability in Tcl nmakehelp.c al…

…lows code execution via a crated file. Also change a memcpy() to a memmove(), because the range could be overlapping
tcltk · Jun 22, 2021 · 30db6ce · 30db6ce
1 parent e809cad
commit 30db6ce
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/win/nmakehlp.c b/win/nmakehlp.c
@@ -537,7 +537,7 @@ GetVersionFromFile(
 		    ++q;
 		}
 
-		memcpy(szBuffer, p, q - p);
+		memmove(szBuffer, p, q - p);
 		szBuffer[q-p] = 0;
 		szResult = szBuffer;
 		break;
@@ -674,7 +674,7 @@ SubstituteFile(
 		    memcpy(szBuffer, szCopy, sizeof(szCopy));
 		}
 	    }
-	    printf(szBuffer);
+	    printf("%s", szBuffer);
 	}
 
 	list_free(&substPtr);