Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 277459

Summary: net-irc/xchat-xsys-2.2.0-r1: some overflow issues. crashes.
Product: Gentoo Linux Reporter: Emopig <andrew>
Component: New packagesAssignee: Julian Ospald <hasufell>
Severity: normal CC: assgier, hardened, net-irc, pacho, qa, treecleaner
Priority: High Keywords: PMASKED
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: Pending Removal: 2012-12-24
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 259417    
Attachments: Updated ebuild

Description Emopig 2009-07-11 20:43:51 UTC
I have identified some static array issues in xchat-xsys. The netstream_cb callback in xsys.c tries to stuff up to 5 characters into the 3 character 'mag_r' array. Another issued I noticed (by compile time warning from GCC) was an off by one in the use of strncat - a classic.

Patch attached.

Reproducible: Always

Steps to Reproduce:
Receive on your network interface at a rate greater than 1 KB/s and then use "/netstream" in channel.
Comment 1 Emopig 2009-07-11 20:46:24 UTC
Created attachment 197584 [details]
Updated ebuild
Comment 2 Emopig 2009-07-11 20:46:41 UTC
Created attachment 197586 [details, diff]
Comment 3 Kornelis 2010-01-19 20:19:37 UTC
The 2.2.0-r2 ebuild still hasn't been added to portage, is that going to happen?
Comment 4 Pacho Ramos gentoo-dev 2012-04-30 11:05:36 UTC
Created attachment 310487 [details]

That patch doesn't apply for me :(
Comment 5 Pacho Ramos gentoo-dev 2012-10-06 11:19:25 UTC
Probably a candidate for treecleaning due this unresolved overflows from years and looks to be unmaintained for a long time
Comment 6 Tony Vroon (RETIRED) gentoo-dev 2012-10-06 11:49:34 UTC
Yes. I lost interest in this a long time ago. By all means Pacho.
Comment 7 Julian Ospald 2012-11-25 15:00:02 UTC
I am still using this and the patch works.

If chainsaw does not want to maintain it anymore I will take over ebuild maintainership.
Comment 8 Tony Vroon (RETIRED) gentoo-dev 2012-11-25 20:13:59 UTC
To confirm, I have supplied Julian "hasufell" Ospald with the preliminary X-Sys 3.0.0 source code. It addresses this overflow and adds Conspire plugin interface support. With Conspire now abandoned, this may well be removed before it sees the light of day, but I just wanted to confirm that he is the new upstream for this codebase and that my maintainer tag should be removed at the earliest available opportunity. A new homepage should be provided, etc.
Comment 9 Julian Ospald 2012-11-25 21:14:50 UTC
erm what?
Comment 10 Julian Ospald 2012-11-25 21:54:19 UTC
seems it is already forked and available via hexchat "plugins" useflag:
Comment 11 Pacho Ramos gentoo-dev 2012-12-25 13:08:33 UTC
Should this still be treecleaned? :/
Comment 12 Julian Ospald 2012-12-25 13:58:40 UTC
yes, in case I want to work on this I will do so in the hexchat fork
Comment 13 Pacho Ramos gentoo-dev 2012-12-25 14:04:50 UTC