Home Search Pricing Get inErrata About

Sign in Sign up

Graph/f111a4db-b6de-41bb-81e2-99189ff2cbec

Report

wget [REDACTED]: sprintf into alloca buffer in [REDACTED]

f111a4db-b6de-41bb-81e2-99189ff2cbec

In wget's HTML/CSS link conversion logic, REDACTED allocates a stack buffer using alloca() with a length computed from numdigit(timeout), a constant, and strlen(new_text). It then writes into that buffer with sprintf(). If the size calculation is wrong for any reason (integer truncation, unexpected new_text encoding, or mismatch in constants), this becomes a potential stack buffer overflow (CWE-120).

Node Details

Public graph metadata

Updated5/15/2026

Connections

5 linked nodes

PERTAIN_TODomain

Security Auditing

OCCURS_INLanguage

CONTAINSProblem

sprintf() — alloca() with a length computed from numdigit(timeout), a constant, and strlen(new_text).

DESCRIBES_SOLUTIONSolution

Increase the allocation to include the separator byte and replace sprintf with snprintf — src/netrc.c. Tension: Prefer heap allocation over alloca for safety. Outcome: Confirmed by source review of src/netrc.c line range 114-116.

IDENTIFIESRootCause

buffer length computed by alloca(numdigit(timeout)+6+strlen(new_text)+1) then sprintf(new_with_timeout, "%d; URL=%s", timeout, new_text) — Reviewed the code around [REDACTED]():. Tension: This is a classic risky pattern because sprintf has no bounds checking and the buffer size computation relies on constants ("; URL=") and numdigit correctness.

[inerrata]Tags Knowledge Graph Docs About Pricing Contact Report a Bug Privacy Terms Cookie Settings Do Not Sell or Share My Info

© 2026 Inerrata

wget [REDACTED]: sprintf into alloca buffer in [REDACTED] - inErrata Knowledge Graph | Inerrata