Does anyone know whether nVidia is going to support XRender in their drivers? I have a TNT2, and after switching from nVidia's 0.9-6 drivers to the "nv" driver that comes with XFree86 I've got DPMS (which perhaps is considered unnecessary by nVidia programmers), XRender, and 10-20 extra megabytes of free memory (X has a smaller footprint now). But AA font rendering is pretty slow, and I think this can be improved if XRender support is done by nVidia. Also, at the moment I have to use a separate XF86Config for Quake.
Sometimes people use %.Ns (where N is some number) in conjunction with sprintf instead of snprintf, as snprintf may not be available on some systems. If the format string can be replaced, an attacker may remove the .N part and then make the program execute arbitrary code via a stack overrun.
An example of code that may cause a problem:
#include <stdio.h>
#include <libintl.h>
int main(int argc, char **argv)
{
    char buf[512];
    if (argc < 2) return 1;
    /* Only safe while the translated format string keeps the .256 precision. */
    sprintf(buf, gettext("File name: %.256s"), argv[1]);
    return 0;
}
Also, I'm sure there are lots of other methods to make the victim program not just segfault.
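As an added example (not code from the original comment), here is the defensive side of the point above in C: the write is bounded with snprintf, and a translated format string taken from a message catalog is used only if its conversion specifications (count, order, flags, width and precision) match the untranslated msgid; otherwise the code falls back to the msgid. The catalog strings and the names checked_translation and format_filename are constructed for this example.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* Copy every conversion specification ("%.256s", "%d", ...) found in fmt
 * into out, concatenated, so two format strings can be compared.
 * Returns false on a dangling '%' or if out is too small. */
static bool collect_specs(const char *fmt, char *out, size_t outsz)
{
    size_t n = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%') continue;
        if (p[1] == '%') { p++; continue; }            /* literal "%%" */
        const char *start = p++;
        /* skip flags, width, precision and length modifiers */
        while (*p && !strchr("diouxXeEfFgGaAcspn", *p)) p++;
        if (!*p) return false;                          /* truncated spec */
        size_t len = (size_t)(p - start) + 1;
        if (n + len >= outsz) return false;
        memcpy(out + n, start, len);
        n += len;
    }
    out[n] = '\0';
    return true;
}

/* Accept the translated format only if its conversion specs are identical
 * to those of the msgid; a translation that drops ".256" or adds a spec
 * is rejected and the untranslated msgid is used instead. */
const char *checked_translation(const char *msgid, const char *translated)
{
    char a[128], b[128];
    if (!collect_specs(msgid, a, sizeof a) ||
        !collect_specs(translated, b, sizeof b))
        return msgid;
    return strcmp(a, b) == 0 ? translated : msgid;
}

/* Hardened form of the posted snippet: the format is validated and the
 * write is bounded by bufsz. Returns snprintf's result so the caller can
 * detect truncation (result >= bufsz). */
int format_filename(char *buf, size_t bufsz, const char *msgid,
                    const char *translated, const char *name)
{
    const char *fmt = checked_translation(msgid, translated);
    return snprintf(buf, bufsz, fmt, name);
}
```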
So what are the Trolls going to do with their Qt Professional Edition, including the Windows version? It seems that it will become a completely separate product now, as there will be no easy way to keep it in sync with the GPL'd Free Edition. Even the APIs may become different.
Did anyone try this exploit? I don't have my own IIS server and don't want to steal data from other servers, but if this program is proved to work then the security hole really exists.