Submitted By: Ken Moffat Date: 2005-08-08 Initial Package Version: 0.98.39 Upstream Status: From upstream cvs Origin: Extracted by Ken Moffat Description: This is Jindrich Novy's patch to fix another buffer overrun in nasm, CAN-2005-1194 (users who can be persuaded to assemble and run a malicious source file can have arbitrary code executed via a buffer overflow). $LastChangedBy: randy $ $Date: 2005-08-08 17:44:12 -0500 (Mon, 08 Aug 2005) $ --- nasm-0.98.39/output/outieee.c.orig 2005-01-15 22:16:08.000000000 +0000 +++ nasm-0.98.39/output/outieee.c 2005-08-08 22:12:46.000000000 +0100 @@ -1120,7 +1120,7 @@ va_list ap; va_start(ap, format); - vsprintf(buffer, format, ap); + vsnprintf(buffer, sizeof(buffer), format, ap); l = strlen(buffer); for (i = 0; i < l; i++) if ((buffer[i] & 0xff) > 31)