#595 closed defect (fixed)
Buffer overrun in sp13
Reported by: | querbach | Owned by: | Joel Sherrill |
---|---|---|---|
Priority: | lowest | Milestone: | 2 |
Component: | unspecified | Version: | 4.6 |
Severity: | normal | Keywords: | |
Cc: | bugs@… | Blocked By: | |
Blocking: |
Description
Fill_buffer() in fillbuff.c overruns the supplied buffer due to confusion in the definition of MESSAGE_SIZE. Some files in the sp13 test treat MESSAGE_SIZE as a count of bytes, others treat it as a count of longs.
Release:
RTEMS Version 4.6.99.0 (Snapshot as of 20040318)
Environment:
Intec SS555 (MPC5xx) port.
Built under Debian 3.0.
How-To-Repeat:
Run sp13 on a system with something important just after the buffer.
Attachments (1)
Change History (3)
comment:1 Changed on 03/30/04 at 18:50:19 by Joel Sherrill
Status: | assigned → closed |
---|
Changed on 12/03/06 at 13:31:12 by querbach
Attachment: | rtems-20040318-sp13-fix.patch added |
---|
rtems-20040318-sp13-fix.patch
comment:2 Changed on 10/10/17 at 06:46:55 by Sebastian Huber
Component: | testing → unspecified |
---|
Note: See
TracTickets for help on using
tickets.
State-Changed-From-To: open->closed
State-Changed-Why: Patch applied to CVS trunk and 4.6 branch.