[Toybox] internationalization with sprintf("%.123s")
Rob Landley
rob at landley.net
Mon Jun 9 05:48:24 PDT 2014
So this bug:
https://sourceware.org/bugzilla/show_bug.cgi?id=6530
Brought to my attention the fact that %s length limiters are
_characters_, not bytes. The default locale is C so it's equivalent up
until you call setlocale(), and then suddenly there's heap and stack
overflow possibilities all over the place.
To fix this I added a TOYFLAG_LOCALE that you have to set in a command
that wants setlocale() called on the way in. It no longer happens by
default when you enable CFG_I18N.
Just FYI: who would have thought that complicating the system and
changing the behavior of all sorts of base library functions in subtle
ways would open security holes?
Rob
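The byte-versus-character gap described above, as an added example that is not part of the original post or of toybox itself. It assumes glibc's behaviour in a multibyte locale (precision on %s counts characters) and a "C.UTF-8" or "en_US.UTF-8" locale being installed for the demonstration in main(); the function names and the sample string are mine.

```c
#include <locale.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: three copies of U+00E9 ("é"), 3 characters but 6 bytes
 * in UTF-8. A caller who sized a buffer for "%.3s" by bytes gets 6 bytes back
 * once the locale counts characters. */
static const char SAMPLE_UTF8[] = "\xc3\xa9\xc3\xa9\xc3\xa9";

/* Measure how many bytes "%.*s" actually emits for `prec` under the current
 * locale. Measured with snprintf into an oversized scratch buffer so the
 * measurement itself cannot overflow. */
size_t bytes_emitted_by_precision(const char *s, int prec)
{
    char scratch[256];
    int n = snprintf(scratch, sizeof scratch, "%.*s", prec, s);
    return n < 0 ? 0 : (size_t)n;
}

/* The idiom the mail warns about: `dst` holds 16 bytes and the author expects
 * ".15" to bound the copy at 15 bytes. Under glibc in a multibyte locale the
 * precision counts characters, so 15 three-byte characters write 45 bytes.
 * Kept here as the unsafe form for comparison; it is never called. */
void unsafe_precision_copy(char dst[16], const char *s)
{
    sprintf(dst, "%.15s", s);
}

/* Hardened form: bound the write by the destination size, which snprintf
 * always counts in bytes regardless of locale. Returns bytes stored. */
size_t copy_bounded(char *dst, size_t dstsz, const char *s)
{
    if (!dstsz) return 0;
    snprintf(dst, dstsz, "%s", s);
    return strlen(dst);
}

/* Same byte bound, but back off to a UTF-8 character boundary so the
 * truncated copy never ends on a partial multibyte sequence. Continuation
 * bytes are 10xxxxxx; stepping back over them lands on a lead byte or ASCII.
 * Returns bytes stored. */
size_t copy_utf8_prefix(char *dst, size_t dstsz, const char *s)
{
    size_t len = strlen(s);
    size_t max = dstsz ? dstsz - 1 : 0;
    size_t n = len < max ? len : max;

    while (n > 0 && n < len && ((unsigned char)s[n] & 0xC0) == 0x80)
        n--;
    memcpy(dst, s, n);
    if (dstsz) dst[n] = '\0';
    return n;
}

int main(void)
{
    /* Programs start in the "C" locale, where precision is a byte count. */
    printf("C locale:     %%.3s emits %zu bytes\n",
           bytes_emitted_by_precision(SAMPLE_UTF8, 3));

    /* After setlocale(), glibc counts characters and the same call emits more
     * bytes than the precision. Locale name is an assumption about the host. */
    if (setlocale(LC_ALL, "C.UTF-8") || setlocale(LC_ALL, "en_US.UTF-8"))
        printf("UTF-8 locale: %%.3s emits %zu bytes\n",
               bytes_emitted_by_precision(SAMPLE_UTF8, 3));
    else
        puts("no UTF-8 locale installed; cannot show the character-counted case");
    return 0;
}
```

The point of the two safe variants is that neither relies on the precision field at all: the only bound that is always bytes is the snprintf size argument, or an explicit memcpy length you computed yourself.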