FLIF-hub / FLIF

Free Lossless Image Format

Found a code security issue in function “encode_load_input_images” #539

Open xiaolian8325 opened 5 years ago

xiaolian8325 commented 5 years ago

Hi,

Issue

The function snprintf uses an external and controllable argument like argv[0], which is very dangerous. Because the argument is used as a format string, it is very dangerous if it contains symbols such as %n, %p or %s: the user can read or write the stack segment by using them.

Code

    /* argv[0] here is the user-supplied file-name template, passed straight to snprintf as its format string */
    snprintf(filename, maxlength, argv[0], framecounter);
    if (!file_exists(filename)) {
        stop_searching++;
        continue;
    }

Example

Use the command ./flif -e sig%s.%s.png test.flif and the error will be: Segmentation fault

Thanks for your time.

From: Eagleye team (Cheng Renfeng, Zhou Kai, Cheng Xiaoyan).
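For reference, a hardened replacement for that snprintf call, written here as an added example and not taken from the FLIF code: it assumes the user's template (argv[0] above) is meant to carry a single %d-style conversion for the frame counter, expands the template by hand and rejects every other conversion (%s, %n, %p, ...), so user input is never used as a format string.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Expand a user-supplied file-name template for one frame without ever
 * handing the template to snprintf as a format string.  Only literal text,
 * "%%" (a literal '%') and a single integer conversion of the form
 * %[0][width]d are accepted; any other conversion (%s, %n, %p, ...) is
 * rejected.  Returns the length written, or -1 on a rejected template or
 * an output buffer that is too small.  (Hypothetical helper, not FLIF's.) */
int expand_frame_template(const char *tmpl, int frame, char *out, size_t outlen)
{
    size_t pos = 0;
    int conversions = 0;

    for (const char *p = tmpl; *p != '\0'; p++) {
        if (*p != '%') {                       /* plain character: copy it */
            if (pos + 1 >= outlen) return -1;
            out[pos++] = *p;
            continue;
        }
        p++;
        if (*p == '%') {                       /* "%%" -> literal '%' */
            if (pos + 1 >= outlen) return -1;
            out[pos++] = '%';
            continue;
        }
        /* Parse an optional zero flag and width, then require 'd'. */
        int zero = 0, width = 0;
        if (*p == '0') { zero = 1; p++; }
        while (isdigit((unsigned char)*p)) {
            width = width * 10 + (*p - '0');
            if (width > 32) return -1;         /* keep widths sane */
            p++;
        }
        if (*p != 'd' || conversions++ > 0) return -1;  /* at most one %d */

        /* Format the frame number with a fixed, trusted format string. */
        char num[48];
        int n = snprintf(num, sizeof num, zero ? "%0*d" : "%*d", width, frame);
        if (n < 0 || pos + (size_t)n >= outlen) return -1;
        memcpy(out + pos, num, (size_t)n);
        pos += (size_t)n;
    }
    out[pos] = '\0';
    return (int)pos;
}
```

The caller then uses the expanded name directly (or via a constant "%s" format), so the sig%s.%s.png input from the report is refused before any formatting takes place.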