Use vasprintf() if available for error messages and otherwise vsnprintf() (!191) · Merge requests · GStreamer / orc

Tim-Philipp Müller requested to merge tpm/orc:orcc-sprintf-error-messages-CVE-2024-40897 into main Jul 19, 2024

vasprintf() is a GNU/BSD extension and would allocate as much memory as required on the heap, similar to g_strdup_printf(). It's ridiculous that such a function is still not provided as part of standard C.

If it's not available, use vsnprintf() to at least avoid stack/heap buffer overflows, which can lead to arbitrary code execution.

Thanks to Noriko Totsuka for reporting.

Fixes JVN#02030803 / JPCERT#92912620 / CVE-2024-40897

Fixes #69

Note: this does not affect end users of liborc, only developers.

Edited Jul 19, 2024 by Tim-Philipp Müller

Admin message

Use vasprintf() if available for error messages and otherwise vsnprintf()

Merge request reports