Both /usr/bin/ppdpo and /usr/bin/ppdhtml dump core with fuzz input #4627
Comments
CUPS.org User: mike
Fixed in Subversion repository.
"str4627.patch": Index: ppdc/ppdhtml.cxx--- ppdc/ppdhtml.cxx (revision 12632) // // Scan the command-line...
for (i = 1; i < argc; i ++)
// Return with no errors. Index: ppdc/ppdpo.cxx--- ppdc/ppdpo.cxx (revision 12632) // // Scan the command-line...
@@ -123,24 +117,29 @@
// Write the message catalog... catalog->release();
- usage();// Return with no errors. |
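Review bot: In the ppdc/ppdpo.cxx hunk (`@@ -123,24 +117,29 @@`), the `usage();` call ahead of `// Return with no errors.` is removed with no comment saying why, and the `// Scan the command-line...` loops in both files, as shown, carry no note on how a -D argument is validated. Suggest a one-line comment at each loop stating that, plus a regression test that runs both ppdpo and ppdhtml with `-D` and an arbitrary argument, as in the report's steps to reproduce, so the SIGSEGV cannot return unnoticed.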
CUPS.org User: vishwassg
Thank you Michael Sweet
Version: 2.0.2
CUPS.org User: vishwassg
/usr/bin/ppdpo and /usr/bin/ppdhtml dump core if an argument starting with
almost any character (not reproducible with ')', '(', and '&') is passed to
the -D option.
It's reproducible on both sparc and X64.
Steps to reproduce:
/usr/bin/ppdpo -D "almost any character"
Expected result:
Core is not dumped
Actual result:
process terminated by SIGSEGV (Segmentation Fault)