Red Hat Bugzilla – Bug 67090
cal program overflows string with wcscat()
Last modified: 2007-04-18 12:43:18 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.75 [en] (X11; U; SunOS 5.7 sun4u)
Description of problem:
When I attempt to run the 'cal' program with libsafe 2.0.16
linked in, I get the following output from libsafe:
Libsafe version 2.0.16
Detected an attempt to write across stack boundary.
uid=xxx euid=xxx pid=22338
Overflow caused by wcscat()
Tim Tsai from Avaya Labs (author of libsafe) writes:
This is a real bug in the cal code. There is a function called
headers_init() in the file util-linux-2.11n/misc-utils/cal.c. The
author uses the wcscat() function without checking to make sure that
there is enough room in the destination string.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Install libsafe:
3. run cal
Actual Results: See description
Expected Results: Should have seen this month's calendar.
2.11n-17 should have a patch to fix the problem
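
The room check that the quoted analysis says is missing before wcscat(), shown as an added example; this is not code from util-linux, from the patch mentioned above, or from the original report. The helper names, buffer sizes and day-name strings are constructed for illustration.

```c
#include <stddef.h>
#include <wchar.h>

/* Hypothetical helper (not from util-linux): append src to dst only if the
 * result, including the terminating L'\0', fits in dst_cap wide characters.
 * Returns 0 on success, -1 if dst is not terminated within dst_cap or if
 * there is not enough room. dst is left unchanged on failure. */
int wcs_append_checked(wchar_t *dst, size_t dst_cap, const wchar_t *src)
{
    size_t used = 0;
    while (used < dst_cap && dst[used] != L'\0')
        used++;
    if (used == dst_cap)
        return -1;                      /* dst not terminated inside buffer */
    size_t need = wcslen(src);
    if (need >= dst_cap - used)
        return -1;                      /* no room for src plus terminator */
    wmemcpy(dst + used, src, need + 1); /* copies the terminator too */
    return 0;
}

/* Constructed demo: build a heading line from day names, stopping at the
 * first name that does not fit. Returns how many names were appended. */
int build_heading(wchar_t *buf, size_t cap, const wchar_t *const *names, int n)
{
    int appended = 0;
    if (cap == 0)
        return 0;
    buf[0] = L'\0';
    for (int i = 0; i < n; i++) {
        if (wcs_append_checked(buf, cap, names[i]) != 0)
            break;
        appended++;
    }
    return appended;
}

int main(void)
{
    static const wchar_t *const names[] = {      /* constructed sample input */
        L"Su ", L"Mo ", L"Tu ", L"We ", L"Th ", L"Fr ", L"Sa" };
    wchar_t small[10], big[32];
    int a = build_heading(small, 10, names, 7);  /* only 3 names fit */
    int b = build_heading(big, 32, names, 7);    /* all 7 names fit */
    return !(a == 3 && b == 7);
}
```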