You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@xalan.apache.org by "Int3 (JIRA)" <ji...@apache.org> on 2015/03/02 05:30:04 UTC

[jira] [Updated] (XALANC-760) Code analysis revealed multiple potential buffer overflows

     [ https://issues.apache.org/jira/browse/XALANC-760?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Int3 updated XALANC-760:
------------------------
    Attachment: XalanXMLFileReporter.patch
                XalanExe.patch
                MsgCreator.patch
                InMemHandler.patch

> Code analysis revealed multiple potential buffer overflows
> ----------------------------------------------------------
>
>                 Key: XALANC-760
>                 URL: https://issues.apache.org/jira/browse/XALANC-760
>             Project: XalanC
>          Issue Type: Bug
>          Components: XalanC
>    Affects Versions: 1.11
>            Reporter: Int3
>            Assignee: Steven J. Hathaway
>         Attachments: InMemHandler.patch, MsgCreator.patch, XalanExe.patch, XalanXMLFileReporter.patch
>
>
> src/xalanc/Harness/XalanXMLFileReporter.cpp
> 	The float at line 490 can exceed 40 bytes in length (max double is 317 bytes)
> src/xalanc/Utils/MsgCreator/MsgCreator.cpp
> 	This utility lacks any buffer bounding to protect against buffer overflows
> src/xalanc/Utils/MsgCreator/InMemHandler.cpp
> 	This utility lacks any buffer bounding to protect against buffer overflows
> src/xalanc/XalanExe/XalanExe.cpp
> 	There is no upper bound on n_maxParams



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@xalan.apache.org
For additional commands, e-mail: dev-help@xalan.apache.org