mirror of
https://https.git.savannah.gnu.org/git/findutils.git
synced 2026-01-26 15:39:06 +00:00
find: avoid buffer-overflow with -printf '%T+'
* find/print.c (format_date): Increase size of local variable FMT to match the longest possible content. Fixes https://bugs.debian.org/873032 reported upstream by Andreas Metzler in https://savannah.gnu.org/bugs/?51841; fix proposed by Kamil Dudka. Bug introduced in commit v4.6.0-111-g95816b2, so no released version ever saw this; therefore not adding a NEWS entry.
This commit is contained in:
Bernhard Voelker
parent
971d3422b6
commit
febde26dd0
@ -611,7 +611,7 @@ format_date (struct timespec ts, int kind)
|
||||
char ns_buf[NS_BUF_LEN]; /* -.9999999990 (- sign can happen!)*/
|
||||
int charsprinted, need_ns_suffix;
|
||||
struct tm *tm;
|
||||
char fmt[6];
|
||||
char fmt[12];
|
||||
|
||||
/* human_readable() assumes we pass a buffer which is at least as
|
||||
* long as LONGEST_HUMAN_READABLE. We use an assertion here to
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user