Bug 287640 - media-radio/tlf-0.9.31.2 segfaults if called with 'tlf -n'
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: High normal
Assignee: No maintainer - Look at https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers if you want to take care of it
Reported: 2009-10-04 16:52 UTC by Thomas Beierlein
Modified: 2009-10-08 16:22 UTC

Attachments
Patch to fix the out of bounds access. (tlf-0.9.31.2-segfault.patch,356 bytes, patch)
2009-10-04 16:57 UTC, Thomas Beierlein
Patch for tlf ebuild to apply the above patch (tlf-0.9.31.2.ebuild.patch,792 bytes, patch)
2009-10-04 17:00 UTC, Thomas Beierlein
New patch which includes also fixes for gcc-4.4.1 and glibc-2.10 (tlf-0.9.31.2-segfault.patch,1.16 KB, patch)
2009-10-06 16:57 UTC, Thomas Beierlein

Description Thomas Beierlein gentoo-dev 2009-10-04 16:52:44 UTC
'tlf -n' segfaults immediately after start with SPOTLIST activated (as is the default in /usr/share/tlf/logcfg.dat).

That happens both on x86 and on amd64 machines.
Comment 1 Thomas Beierlein gentoo-dev 2009-10-04 16:56:05 UTC
Digging into the problem, it comes down to a classical 'index out of bounds' problem in one of the files. If called as stated above, the program uses a negative array index at some point.

The provided patch fixes the problem. Upstream is informed.
Comment 2 Thomas Beierlein gentoo-dev 2009-10-04 16:57:36 UTC
Created attachment 205995
Patch to fix the out of bounds access.
Comment 3 Thomas Beierlein gentoo-dev 2009-10-04 17:00:08 UTC
Created attachment 205996
Patch for tlf ebuild to apply the above patch
Comment 4 Víctor Ostorga (RETIRED) gentoo-dev 2009-10-05 00:49:00 UTC
'tlf -n' has a nasty segfault, but the patch seems not to fix the issue
Comment 5 Thomas Beierlein gentoo-dev 2009-10-06 16:56:40 UTC
Hmmm. I had tested with a stable system before.

You are right, there are at least two more buffer overflows if compiled with gcc-4.4.1 and glibc-2.10. See the corrected patch for a fix for all three problems.
Comment 6 Thomas Beierlein gentoo-dev 2009-10-06 16:57:49 UTC
Created attachment 206254
New patch which includes also fixes for gcc-4.4.1 and glibc-2.10
Comment 7 Víctor Ostorga (RETIRED) gentoo-dev 2009-10-08 16:22:23 UTC
Big thanks for the patches!

+*tlf-0.9.31.2-r1 (08 Oct 2009)
+
+  08 Oct 2009; Víctor Ostorga <vostorga@gentoo.org>
+  +tlf-0.9.31.2-r1.ebuild, +files/tlf-0.9.31.2-segfault-fix.patch:
+  Fixing segfault if called with 'tlf -n', patch thanks to Thomas Beierlein
+  <tb@forth-ev.de> bug 287640
+
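Review bot: the description line "Fixing segfault if called with 'tlf -n'" covers only one of the three problems. Comment 5 says the corrected patch also fixes two more buffer overflows that show up when compiling with gcc-4.4.1 and glibc-2.10. Suggest extending the entry to mention those as well, so the ChangeLog records the full scope of files/tlf-0.9.31.2-segfault-fix.patch and the reason for the -r1 revision.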