
sprintf without bounds #6

@RootUp


From Brave: https://github.com/brave/browser-ios/blob/development/brave/node_modules/tracking-protection/node_modules/cppunitlite/src/SimpleString.cpp#L85

sprintf (buffer, "%lf", value);

Does not check for buffer overflows. If message's length > str's length, there's a buffer overflow.

This issue was reported to Brave via HackerOne; they marked my bug as informative and closed it, saying:

The code that you highlighted is part of the npm module cppunitlite. The npm module is used in the tracking protection library in the iOS browser, but the code snippet that you highlighted is not used in the code.

You can report the issue here for a fix from the author: https://github.com/smikes/CppUnitLite/

Thanks, Dhiraj
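
As an added example (not part of the original report and not CppUnitLite's own code): a C++ program that measures how many bytes `"%lf"` produces for a `double` and shows a bounded `snprintf` replacement for the reported call. The 20-byte buffer size, the function names and the sample values are assumptions made for illustration; the page does not state the real buffer size.

```cpp
#include <cfloat>
#include <cstddef>
#include <cstdio>
#include <string>

// Assumed buffer size for illustration; not taken from the reported file.
static const std::size_t kBufSize = 20;

// Characters "%lf" needs for value, excluding the terminating NUL.
// snprintf with a null buffer and size 0 only measures, it writes nothing.
int lf_length(double value)
{
    return std::snprintf(nullptr, 0, "%lf", value);
}

// True when sprintf(buffer, "%lf", value) would write past kBufSize bytes.
bool would_overflow(double value)
{
    int n = lf_length(value);
    return n < 0 || static_cast<std::size_t>(n) + 1 > kBufSize;
}

// Bounded replacement: never writes more than kBufSize bytes, and falls back
// to the compact "%g" form when the fixed-point text does not fit.
std::string string_from_double(double value)
{
    char buffer[kBufSize];
    int n = std::snprintf(buffer, sizeof buffer, "%lf", value);
    if (n < 0 || static_cast<std::size_t>(n) >= sizeof buffer) {
        n = std::snprintf(buffer, sizeof buffer, "%g", value);
        if (n < 0 || static_cast<std::size_t>(n) >= sizeof buffer)
            return std::string();  // signal failure rather than truncate silently
    }
    return std::string(buffer);
}

int main()
{
    const double samples[] = {3.14, 1e18, DBL_MAX};  // constructed inputs
    for (double v : samples)
        std::printf("%%lf needs %3d bytes, overflow=%d, bounded=\"%s\"\n",
                    lf_length(v) + 1, would_overflow(v),
                    string_from_double(v).c_str());
    return 0;
}
```

The length of `"%lf"` output depends on the magnitude of the value, not on its precision, so a fixed buffer is only safe if it is sized for the largest `double` or the write is bounded.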
