[pkg-ggz-maintainers] sn?printf issue

Kees Cook kees at debian.org
Mon Jan 5 23:01:28 UTC 2009

Hi Josef,

On Mon, Jan 05, 2009 at 11:37:28PM +0100, Josef Spillner wrote:
> I believe r396 of pkg-ggz fixes the issue of sn?printf buffer corruption for
> ggz-client-libs. If someone reviews r396 as good (the package is
> in /branches/ggz-client-libs/), it could be uploaded.

Great!  Thanks for digging into that; I've updated the "handled" list.

> However, using the updated regex, I didn't get any results for the ggzd
> package. What is the issue with it?

You mean "ggz-server"?  Its hits[1] are listed with the others in the logs:
   snprintf(board, sizeof(board), "%s%i", board, column);

> On GGZ trunk no single hit was found, since we've moved away from sn?printf to
> the much safer ggz_strbuild() which doesn't assume pre-allocated memory at
> all. Yay.

Cool!  Thanks again,


[1] http://people.ubuntu.com/~kees/sprintf-glibc/logs/ggz-server

Kees Cook                                            @debian.org
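
The flagged call passes `board` as both the destination and a `%s` argument; the C standard leaves snprintf undefined when source and destination overlap. One way to append without the overlap, as an added example that is not code from ggz or from this thread (`append_int` is a hypothetical helper and the buffer contents are constructed):

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: append a formatted int to the string already in buf
 * without ever passing buf as one of its own snprintf arguments.
 * Returns 0 on success, -1 if the result would not fit (buf is left as it was). */
int append_int(char *buf, size_t size, int value)
{
    /* Locate the terminator inside the buffer; refuse unterminated input. */
    const char *end = memchr(buf, '\0', size);
    if (end == NULL)
        return -1;

    size_t used = (size_t)(end - buf);
    size_t room = size - used;          /* bytes left, including the NUL */

    /* Write only into the unused tail, so source and destination never overlap. */
    int n = snprintf(buf + used, room, "%i", value);
    if (n < 0 || (size_t)n >= room) {
        buf[used] = '\0';               /* undo the truncated partial write */
        return -1;
    }
    return 0;
}

int main(void)
{
    char board[8] = "b";                /* constructed sample buffer */
    int column = 3;                     /* constructed sample value */

    /* Replaces: snprintf(board, sizeof(board), "%s%i", board, column); */
    if (append_int(board, sizeof(board), column) != 0)
        fprintf(stderr, "board too small\n");
    printf("%s\n", board);

    /* A value that does not fit is rejected instead of silently truncated. */
    if (append_int(board, sizeof(board), 1234567) != 0)
        printf("rejected, board still \"%s\"\n", board);
    return 0;
}
```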
