Red Hat Bugzilla – Bug 1264784
tmux: xsnprintf hardening
Last modified: 2017-01-25 07:49:58 EST
+++ This bug was initially created as a clone of Bug #1036161 +++
xsnprintf makes fortify protection ineffect. It should be an inline function or a #define.
The function does not guard against negative or oversized return values, and callers assume that it always returns values in the range [0, size - 1] (see arguments.c:args_print() for an
--- Additional comment from David Cantrell on 2013-12-12 17:38:20 CET ---
Can you show me a patch for what you're looking for?
--- Additional comment from Florian Weimer on 2014-06-09 13:12:40 CEST ---
(In reply to David Cantrell from comment #2)
> Can you show me a patch for what you're looking for?
An extensive explanation is available in this blog post: https://securityblog.redhat.com/2014/03/12/the-trouble-with-snprintf/
Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.
If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
Thank you for reporting this bug and we are sorry it could not be fixed.
This was fixed upstream as part of tmux 2.2, with commit