new bug: Checking a format for 'os.date' may read pass the format string

author: Roberto Ierusalimschy <roberto@inf.puc-rio.br> 2016-07-15 14:24:09 -0300
committer: Roberto Ierusalimschy <roberto@inf.puc-rio.br> 2016-07-15 14:24:09 -0300
commit: 788109a3de05462f19c5c05033581c1eab9e9283 (patch)
tree: b72b80833fd37b2fe72ad8c7e8e80e77357d7fce /bugs
parent: 09c9fa36eac9d9f8f16d03a36f8b777670c5a6e4 (diff)
download: lua-788109a3de05462f19c5c05033581c1eab9e9283.tar.gz
lua-788109a3de05462f19c5c05033581c1eab9e9283.tar.bz2
lua-788109a3de05462f19c5c05033581c1eab9e9283.zip
1 files changed, 23 insertions, 0 deletions
diff --git a/bugs b/bugs
index d0f9ad1e..4dc02d4b 100644
--- a/bugs
+++ b/bugs
@@ -3641,6 +3641,29 @@ patch = [[
 }
+Bug{
+what = [[Checking a format for 'os.date' may read pass the format string]],
+report = [[Nagaev Boris, 2016/07/10]],
+since = [[5.3.3]],
+fix = nil,
+example = [[
+This bug does not seem to happen with regular compilers.
+It needs an "interceptor" 'memcmp' function that continues
+reading memory after a difference is found.]],
+patch = [[
+2c2
+< ** $Id: loslib.c,v 1.64 2016/04/18 13:06:55 roberto Exp roberto $
+---
+> ** $Id: loslib.c,v 1.64 2016/04/18 13:06:55 roberto Exp $
+263c263,264
+<   for (option = LUA_STRFTIMEOPTIONS; *option != '\0'; option += oplen) {
+---
+>   int convlen = (int)strlen(conv);
+>   for (option = LUA_STRFTIMEOPTIONS; *option != '\0' && oplen <= convlen; option += oplen) {
+]]
+}
 --[=[
 Bug{
 what = [[ ]],
author	Roberto Ierusalimschy <roberto@inf.puc-rio.br>	2016-07-15 14:24:09 -0300
committer	Roberto Ierusalimschy <roberto@inf.puc-rio.br>	2016-07-15 14:24:09 -0300
commit	788109a3de05462f19c5c05033581c1eab9e9283 (patch)
tree	b72b80833fd37b2fe72ad8c7e8e80e77357d7fce /bugs
parent	09c9fa36eac9d9f8f16d03a36f8b777670c5a6e4 (diff)
download	lua-788109a3de05462f19c5c05033581c1eab9e9283.tar.gz lua-788109a3de05462f19c5c05033581c1eab9e9283.tar.bz2 lua-788109a3de05462f19c5c05033581c1eab9e9283.zip

diff --git a/bugs b/bugs index d0f9ad1e..4dc02d4b 100644 --- a/bugs +++ b/bugs
@@ -3641,6 +3641,29 @@ patch = [[
3641	}	3641	}
3642		3642
3643		3643
		3644	Bug{
		3645	what = [[Checking a format for 'os.date' may read pass the format string]],
		3646	report = [[Nagaev Boris, 2016/07/10]],
		3647	since = [[5.3.3]],
		3648	fix = nil,
		3649	example = [[
		3650	This bug does not seem to happen with regular compilers.
		3651	It needs an "interceptor" 'memcmp' function that continues
		3652	reading memory after a difference is found.]],
		3653	patch = [[
		3654	2c2
		3655	< ** $Id: loslib.c,v 1.64 2016/04/18 13:06:55 roberto Exp roberto $
		3656	---
		3657	> ** $Id: loslib.c,v 1.64 2016/04/18 13:06:55 roberto Exp $
		3658	263c263,264
		3659	< for (option = LUA_STRFTIMEOPTIONS; *option != '\0'; option += oplen) {
		3660	---
		3661	> int convlen = (int)strlen(conv);
		3662	> for (option = LUA_STRFTIMEOPTIONS; *option != '\0' && oplen <= convlen; option += oplen) {
		3663	]]
		3664	}
		3665
		3666
3644	--[=[	3667	--[=[
3645	Bug{	3668	Bug{
3646	what = [[ ]],	3669	what = [[ ]],