d07b910149
The data structures linkhash and printbuf are limited to 2 GB in size due to a signed integer being used to track their current size. If too much data is added, then size variable can overflow, which is an undefined behaviour in C programming language. Assuming that a signed int overflow just leads to a negative value, like it happens on many sytems (Linux i686/amd64 with gcc), then printbuf is vulnerable to an out of boundary write on 64 bit systems.
3.8 KiB
3.8 KiB