9cd6dd60d6
We convert a string like "W32:vendor/device" into "I:vendor;I:device", where the output is longer than the input, but only allocate space equal to the length of the input, leading to a buffer overflow. Instead use open_memstream so we get a safe dynamically-grown buffer. Found by: CHERI Reviewed by: imp, jhb (mentor) Approved by: imp, jhb (mentor) Obtained from: CheriBSD Differential Revision: https://reviews.freebsd.org/D26637 |
||
---|---|---|
.. | ||
ef_aarch64.c | ||
ef_amd64.c | ||
ef_i386.c | ||
ef_mips.c | ||
ef_nop.c | ||
ef_obj.c | ||
ef_powerpc.c | ||
ef_riscv.c | ||
ef.c | ||
ef.h | ||
fileformat | ||
kldxref.8 | ||
kldxref.c | ||
Makefile | ||
Makefile.depend |