[espeak-ng:master] reported: Temporary fix for issue #945 #github


espeak-ng@groups.io Integration <espeak-ng@...>
 

[espeak-ng:master] New Comment on Pull Request #948 Temporary fix for issue #945
By jbowler:

You don't have a choice; the fix is definitely temporary; it doesn't recover from the overwrite and, indeed, without adding, I think, 2 entries to the end of ph_list2 it does not actually prevent it. Once espeak-ng is in this state it can be exploited; a cracker can potentially take over the user's machine. The only recourse is to immediately exit the program. I.e., the problem is not that espeak-ng fails, it is that espeak-ng, responding to externally supplied data, allows the user's machine to be infected by malware.

#include then use assert(!"ph buffer overflow"), 0 (or , NULL to avoid the gcc warnings...)

The problem with the assert is that it calls, as a minimum, write(2) and, in fact, I think it may call fprintf(3); I think it is safe to do that in this case with modern GCC because the strings, while global, are read-only (so cannot be maliciously overwritten).
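
An added example, not espeak-ng's code and not part of the comment above: a bounds check that terminates the process before the out-of-bounds store happens, using abort() in place of the assert() the comment suggests, because assert() is compiled out when NDEBUG is defined. Only the name ph_list2 comes from the page; the capacity, the PH_ENTRY type and the ph_append and run_with_input helpers are assumptions made for illustration.

```c
#include <signal.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define PH_LIST_CAP 8   /* assumed capacity; the real size is not given on the page */

typedef struct { unsigned char phcode; } PH_ENTRY;   /* hypothetical stand-in type */

static PH_ENTRY ph_list2[PH_LIST_CAP];
static size_t ph_count;

/* Append one entry, checking the bound BEFORE the store. When the list is
 * full, abort() raises SIGABRT, so no write past the end ever takes place. */
static void ph_append(unsigned char phcode)
{
    if (ph_count >= PH_LIST_CAP)
        abort();
    ph_list2[ph_count++].phcode = phcode;
}

/* Feed n constructed entries to ph_append() in a child process and report how
 * the child ended: 0 = clean exit, 1 = killed by SIGABRT, -1 = anything else. */
static int run_with_input(size_t n)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        for (size_t i = 0; i < n; i++)
            ph_append((unsigned char)(i & 0xff));
        _exit(0);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
        return 0;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGABRT)
        return 1;
    return -1;
}

int main(void)
{
    /* A full list is accepted; one entry more must abort before the store. */
    return (run_with_input(PH_LIST_CAP) == 0 &&
            run_with_input(PH_LIST_CAP + 1) == 1) ? 0 : 1;
}
```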
