Summary: | media-libs/jasper-1.900.1-r2: errors reading image | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Martin von Gagern <Martin.vGagern> |
Component: | [OLD] Library | Assignee: | Patrick Kursawe (RETIRED) <phosphan> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | sci |
Priority: | High | ||
Version: | 2008.0 | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://images.library.wisc.edu/DLDecArts/EFacs/GramOrnJones/reference/0055.jp2 | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 222819 |
Description
Martin von Gagern
2008-11-04 18:01:04 UTC
This line here from the patch is to blame: snprintf(obj->pathname, L_tmpnam, "%stmp.XXXXXXXXXX", P_tmpdir); This line comes from the "fix" for CVE-2008-3521. gdb shows a resulting string of "/tmptmp.XXXXXXXXXX", so I assume P_tmpdir is set to "/tmp" without trailing slash. Adding a slash after the %s solves the issue. As bug 222819 comment 24 seems to indicate that CVE-2008-3521 isn't really an issue, we might even drop this change altogether. Up to you. I joined all current fixes, waiting for the mirrors to get the patch. -r3 will solve this issue. Stay tuned... Just committed, fixed in -r3. Thank you! |