Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://fosstodon.org/users/alanc/statuses/112854724761656245">Alan Coopersmith (alanc@fosstodon.org)'s status on Saturday, 27-Jul-2024 09:43:10 JST</a><a href="https://fosstodon.org/@alanc" title="alanc@fosstodon.org"><img src="https://gnusocial.jp/avatar/149449-48-20230714154441.webp" width="48" height="48" alt="Alan Coopersmith" style="position: absolute; left: 0; top: 0;">Alan Coopersmith</a><div><a href="https://fosstodon.org/@alanc/112854371873547146" rel="in-reply-to">in reply to</a></div></section><article><p>As <a href="https://bird.makeup/users/solardiz">@solardiz</a> noted in the followup post at <a href="https://www.openwall.com/lists/oss-security/2024/07/26/2" rel="nofollow noreferrer">https://www.openwall.com/lists/oss-security/2024/07/26/2</a> the standard unfortunately allowed the GNU libc behavior of not guaranteeing the pointer would be NULL on failure, requiring users to check the return value, despite all the known non-GNU implementations guaranteeing to set it to NULL on failure, meaning that even though the standard requires asprintf() be provided, portable software still has to be aware of the different implementations.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/3434698#notice-6752830">In conversation</a><time datetime="2024-07-27T09:43:10+09:00" title="Saturday, 27-Jul-2024 09:43:10 JST">about 4 months ago</time> <span>from <span><a href="https://fosstodon.org/@alanc/112854724761656245" rel="external" title="Sent from fosstodon.org via ActivityPub">fosstodon.org</a></span></span><a href="https://fosstodon.org/@alanc/112854724761656245">permalink</a><h4>Attachments</h4><ol><li><article><header><div>Domain not in remote thumbnail source whitelist: www.openwall.com</div><h5><a href="https://www.openwall.com/lists/oss-security/2024/07/26/2">oss-security - Re: GStreamer Security Advisory 2024-0003: Orc compiler stack-based buffer overflow</a></h5><div></div></header><div></div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Alan Coopersmith (alanc@fosstodon.org)'s status on Saturday, 27-Jul-2024 09:43:10 JST Alan Coopersmith
in reply to
As @solardiz noted in the followup post at https://www.openwall.com/lists/oss-security/2024/07/26/2 the standard unfortunately allowed the GNU libc behavior of not guaranteeing the pointer would be NULL on failure, requiring users to check the return value, despite all the known non-GNU implementations guaranteeing to set it to NULL on failure, meaning that even though the standard requires asprintf() be provided, portable software still has to be aware of the different implementations.
In conversationabout 4 months ago from fosstodon.orgpermalink
Attachments
1. Domain not in remote thumbnail source whitelist: www.openwall.com
  oss-security - Re: GStreamer Security Advisory 2024-0003: Orc compiler stack-based buffer overflow

Public

Embed Notice

HTML Code

Corresponding Notice