Bug 20870 – std.outbuffer.printf is trusted

Status
RESOLVED
Resolution
FIXED
Severity
normal
Priority
P4
Component
phobos
Product
D
Version
D2
Platform
x86
OS
Mac OS X
Creation time
2020-05-28T11:18:58Z
Last change time
2024-08-19T15:49:25Z
Keywords
pull, safe
Assigned to
No Owner
Creator
Mathias LANG

Comments

Comment #0 by pro.mathias.lang — 2020-05-28T11:18:58Z
I don't know how that made it past code review.

```
import std.outbuffer;
import std.stdio;

void main() @safe
{
    char[8] arr = 'a';
    auto buff = new OutBuffer();
    buff.printf("%.*s", 450000, &arr[0]);
    writeln(buff.toString());
}
```

This reads random characters off the stack.
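For contrast with the report above, the same `%.*s` directive routed through OutBuffer's typed `writef` with a slice instead of a raw pointer. This is an added example, not part of the original report or of the Phobos fix; `formatClamped` is a hypothetical helper name and the array contents are constructed sample data.

```d
import std.outbuffer : OutBuffer;

// Hypothetical helper (not a Phobos API): format at most `precision`
// characters of `data` into a fresh OutBuffer.
// `data` is a slice (pointer + length), so std.format can clamp the read to
// data.length. A bare char* passed through C varargs carries no such bound,
// which is why a @trusted wrapper around it cannot be verified.
string formatClamped(scope const(char)[] data, int precision) @safe
{
    auto buff = new OutBuffer();
    // Same "%.*s" directive as in the report, but handled by the typed
    // std.format machinery rather than the C-style printf.
    buff.writef("%.*s", precision, data);
    return buff.toString();
}

void main() @safe
{
    import std.stdio : writeln;

    char[8] arr = 'a'; // constructed sample: the 8-byte array from the report

    // Precision far larger than the array: output stops at the slice length.
    assert(formatClamped(arr[], 450_000) == "aaaaaaaa");
    // Precision smaller than the array: output is truncated to it.
    assert(formatClamped(arr[], 3) == "aaa");
    // Empty slice: nothing is read.
    assert(formatClamped(arr[0 .. 0], 450_000) == "");

    writeln(formatClamped(arr[], 450_000));
}
```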
Comment #1 by dlang-bot — 2024-07-31T10:59:22Z
@ntrel created dlang/phobos pull request #9037 "Fix Bugzilla 20870 - std.outbuffer.printf is trusted" fixing this issue:

- Fix Bugzilla 20870 - std.outbuffer.printf is trusted

https://github.com/dlang/phobos/pull/9037
Comment #2 by dlang-bot — 2024-07-31T12:06:03Z
dlang/phobos pull request #9037 "Fix Bugzilla 20870 - std.outbuffer.printf is trusted" was merged into master:

- dfd9fcfb84c1afb5acd26a42b3a7f4643332e83c by Nick Treleaven: Fix Bugzilla 20870 - std.outbuffer.printf is trusted

https://github.com/dlang/phobos/pull/9037