Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 228969 Details for
Bug 285105
media-sound/grip-3.3.1-r2 - buffer overflow detected when writing ID3v2 tags
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch to fix the bug and s/sprintf/snprintf/
grip-3.3.1-invalid-genre-size.patch (text/plain), 799 bytes, created by
Frédéric Fauberteau
on 2010-04-24 09:17:17 UTC
(
hide
)
Description:
Patch to fix the bug and s/sprintf/snprintf/
Filename:
MIME Type:
Creator:
Frédéric Fauberteau
Created:
2010-04-24 09:17:17 UTC
Size:
799 bytes
patch
obsolete
>diff -ur grip-3.3.1.orig/src/id3.c grip-3.3.1/src/id3.c >--- grip-3.3.1.orig/src/id3.c 2010-04-24 10:17:23.000000000 +0200 >+++ grip-3.3.1/src/id3.c 2010-04-24 10:16:42.000000000 +0200 >@@ -252,8 +252,8 @@ > > if ( frames[ i ] ) { > char *c_data = NULL; >- char gen[ 5 ] = "( )"; >- char trk[ 4 ] = " "; >+ char gen[ 6 ] = "( )"; /* max unsigned char: 255 */ >+ char trk[ 3 ] = " "; /* max CDDA tracks: 99 */ > > switch( frameids[ i ] ) { > case ID3FID_TITLE: >@@ -278,12 +278,12 @@ > > case ID3FID_CONTENTTYPE: > c_data = gen; >- sprintf( gen, "(%d)", genre ); /* XXX */ >+ snprintf( gen, 6, "(%d)", genre ); > break; > > case ID3FID_TRACKNUM: > c_data = trk; >- sprintf( trk, "%d", tracknum ); /* XXX */ >+ snprintf( trk, 3, "%d", tracknum ); > break; > > default:
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=228969">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 285105
:
204222
|
204745
|
204748
| 228969
