On 02.10.2012 01:30, Hitoshi Harada wrote:
> It seems date_in() has a risk of buffer overrun. If the input is '.',
> it sets field[0] to the beginning of workbuf and goes into
> DecodeDate(). This function checks null-termination of the head of
> string, but it can go beyond the end of string inside the first loop
> and replace some bytes with zero. The worst scenario we've seen is
> overwrite of the stack frame, in which the compiler rearranged the
> memory allocation of local variables in date_in() and work_buf is at
> lower address than field.
>
> I tried to attach a patch file but failed somehow, so I paste the fix here.
Thanks, applied to master and all supported back-branches.
- Heikki
