Changes between Initial Version and Version 1 of Ticket #18389, comment 5
Timestamp: Apr 28, 2023, 10:36:01 AM (23 months ago)

Legend: Unmodified / Added / Removed / Modified
Ticket #18389, comment 5

initial:

    I think here it's a bug in TextSearch, in Grepper.cpp.
    The line buffer handed to sscanf() to extract the filename, line number and position is sized to B_PATH_NAME_LENGTH * 2.

    If the line read from grep output is longer than that, I fear that there is no \0 at the end, which leads to sscanf() stepping outside the memory boundary and therefore a crash.

v1 (line 2 and line 4 modified):

    I think here it's a bug in TextSearch, in Grepper.cpp.
    The line buffer handed to sscanf() to extract the filename, line number and position is sized to B_PATH_NAME_LENGTH * 2. Which gives only 2048 max, AFAICT.

    If the actual line read from grep output is longer than that, I fear that there is no \0 at the end of the line buffer, which leads to sscanf() stepping outside the memory boundary and therefore a crash.
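Worked example of the failure mode the comment describes, added here as an illustration; it is not code from Haiku's Grepper.cpp or from the ticket. It assumes a fixed line buffer of B_PATH_NAME_LENGTH * 2 bytes with B_PATH_NAME_LENGTH == 1024 (implied by the "2048 max" in the comment), a "path:line:position:text" layout for the grep output, and helper names (read_complete_line, parse_hit, parse_grep_output, run_demo) invented for this example. The sample input is constructed inline. Two checks close the hole regardless of how the buffer is filled: detect a line that did not fit the buffer instead of passing a cut or unterminated buffer on, and bound every %[ conversion in the sscanf() format so the extracted path cannot overrun its destination either.

```c
/* Added example, not Haiku's Grepper.cpp: it models the failure mode the
 * comment describes (fixed 2048-byte line buffer handed to sscanf()) and
 * shows the checks that keep it safe. The "path:line:position:text" layout
 * and all helper names are assumptions made for this illustration. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed value: the comment's "2048 max" implies B_PATH_NAME_LENGTH == 1024. */
#define B_PATH_NAME_LENGTH 1024
#define LINE_BUF_SIZE (B_PATH_NAME_LENGTH * 2)

struct grep_hit {
    char path[B_PATH_NAME_LENGTH];
    int line;
    int position;
};

/* Read one line into buf. fgets() always NUL-terminates, so with it the danger
 * is a line silently cut at bufsize-1 bytes rather than a missing terminator;
 * the absent '\n' is the only reliable signal either way. Returns 1 for a
 * complete line, 0 at EOF, -1 for an overlong line (its remainder is drained). */
static int read_complete_line(FILE *in, char *buf, size_t bufsize)
{
    if (fgets(buf, (int)bufsize, in) == NULL)
        return 0;
    size_t n = strlen(buf);
    if (n > 0 && buf[n - 1] == '\n') {
        buf[n - 1] = '\0';
        return 1;
    }
    int c = fgetc(in);
    if (c == EOF || c == '\n')      /* line fit exactly, or file ended without '\n' */
        return 1;
    while ((c = fgetc(in)) != EOF && c != '\n')
        ;                           /* discard the rest of the overlong line */
    return -1;
}

/* The width on %[ keeps the path from overrunning hit->path; it must stay
 * equal to sizeof hit->path - 1 (1023 for the assumed B_PATH_NAME_LENGTH). */
static int parse_hit(const char *line, struct grep_hit *hit)
{
    return sscanf(line, "%1023[^:]:%d:%d", hit->path, &hit->line, &hit->position) == 3;
}

/* Parse a block of grep output held in memory. Returns the number of hits
 * stored; *rejected counts lines that were overlong or malformed, which an
 * unchecked loop would have handed to sscanf() anyway. */
int parse_grep_output(const char *output, struct grep_hit *hits, size_t max_hits, int *rejected)
{
    FILE *in = fmemopen((void *)output, strlen(output), "r");
    if (in == NULL)
        return -1;
    char buf[LINE_BUF_SIZE];
    size_t count = 0;
    int rc;
    *rejected = 0;
    while ((rc = read_complete_line(in, buf, sizeof buf)) != 0) {
        if (rc > 0 && count < max_hits && parse_hit(buf, &hits[count]))
            count++;
        else
            (*rejected)++;
    }
    fclose(in);
    return (int)count;
}

struct demo_result { int hits; int rejected; int first_line; int first_position; };

/* Constructed sample: one valid hit, one malformed line, and one line of
 * about 3000 bytes, i.e. longer than the 2048-byte line buffer. */
struct demo_result run_demo(void)
{
    struct demo_result r = {0, 0, 0, 0};
    char long_path[3000];
    memset(long_path, 'a', sizeof long_path - 1);
    long_path[sizeof long_path - 1] = '\0';

    char output[4096];
    snprintf(output, sizeof output,
             "src/Grepper.cpp:42:7:some matching text\n"
             "no separators on this line\n"
             "%s:1:1:x\n", long_path);

    struct grep_hit hits[8];
    r.hits = parse_grep_output(output, hits, 8, &r.rejected);
    if (r.hits > 0) {
        r.first_line = hits[0].line;
        r.first_position = hits[0].position;
    }
    return r;
}

int demo_hit_count(void) { return run_demo().hits; }
int demo_rejected_count(void) { return run_demo().rejected; }

int main(void)
{
    struct demo_result r = run_demo();
    printf("hits=%d rejected=%d first=%d:%d\n", r.hits, r.rejected, r.first_line, r.first_position);
    return 0;
}
```

Running it parses the short hit (line 42, position 7) and rejects both the malformed line and the overlong one; the overlong line is the case the comment worries about, and it is reported rather than parsed from a cut buffer. If the real code fills its buffer with read() or fread() instead of fgets(), the terminator check is the same: refuse to hand the buffer to sscanf() unless a '\n' (or a NUL written explicitly at the end) proves where the line ends.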