Fix fann_error buffer overflow #2

bukka · 2013-12-11T20:05:37Z

There was a bug in fann_error function. The errstr string was limited by FANN_ERRSTR_MAX (128) characters. It caused buffer overflow for all error messages with longer file path as a parameter (FANN_E_CANT_READ_CONFIG, FANN_E_CANT_OPEN_CONFIG_R...). It obviously resulted in the heap corruption...

In addition there was a memory leak for errstr when errdat was NULL.

This patch fixes both bugs. I checked it with valgrind and also run all my test tests that I have in my php fann ext.

bukka · 2013-12-11T20:14:22Z

Please double check that PATH_MAX definition for Windows is ok: https://github.com/libfann/fann/pull/2/files#diff-f413e9a581932c55382bb9a96c24fea3R35

I don't have win so I could not test it...

remicollet · 2014-01-01T18:14:33Z

In addition to those changes, I think the vsprintf / sprintf unsecure call should be avoid and replace by vsnprintf / snprintf.

Fix fann_error buffer overflow

bukka added 3 commits December 8, 2013 20:07

Remove compat_time from CMakeList

4a0878a

Fix stack overflow for error msg with path

588c1a7

Optimize fann_error function

20f3967

bukka mentioned this pull request Jan 1, 2014

memory issue: corrupted unsorted chunks bukka/php-fann#10

Closed

Replace vsprintf with vsnprintf and sprintf with strcpy

0b07b4c

steffennissen added a commit that referenced this pull request Aug 16, 2014

Merge pull request #2 from bukka/error_msg_stack_overflow

4489af1

Fix fann_error buffer overflow

steffennissen merged commit 4489af1 into libfann:master Aug 16, 2014

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix fann_error buffer overflow #2

Fix fann_error buffer overflow #2

bukka commented Dec 11, 2013

bukka commented Dec 11, 2013

remicollet commented Jan 1, 2014

Fix fann_error buffer overflow #2

Fix fann_error buffer overflow #2

Conversation

bukka commented Dec 11, 2013

bukka commented Dec 11, 2013

remicollet commented Jan 1, 2014