a98fa52ec6
We convert a string like "W32:vendor/device" into "I:vendor;I:device", where the output is longer than the input, but only allocate space equal to the length of the input, leading to a buffer overflow. Instead use open_memstream so we get a safe dynamically-grown buffer. Found by: CHERI Reviewed by: imp, jhb (mentor) Approved by: imp, jhb (mentor) Obtained from: CheriBSD Differential Revision: https://reviews.freebsd.org/D26637 |
||
|---|---|---|
| .. | ||
| ef_aarch64.c | ||
| ef_amd64.c | ||
| ef_i386.c | ||
| ef_mips.c | ||
| ef_nop.c | ||
| ef_obj.c | ||
| ef_powerpc.c | ||
| ef_riscv.c | ||
| ef.c | ||
| ef.h | ||
| fileformat | ||
| kldxref.8 | ||
| kldxref.c | ||
| Makefile | ||
| Makefile.depend | ||