| Summary: | kde-base/kstars-4.3.4 stack smashing "attack" on hardened | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Hugo Mildenberger <Hugo.Mildenberger> |
| Component: | Current packages | Assignee: | Gentoo KDE team <kde> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | | |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |
| Attachments: | output of emerge --info =kde-base/kstars-4.3.4; patch against kstars/kstars/skyobjects/saturnmoons.cpp | | |

Description
Hugo Mildenberger
2009-12-18 22:35:51 UTC
Created attachment 213440 [details]
output of emerge --info =kde-base/kstars-4.3.4
Regarding missing core dumps, it could be useful to check the hardened reports
among #263681, #225563, #288419, #115285, #149292, #180451, #231225, #286587,
#202582, #191005 and #219589
Created attachment 213582 [details, diff]
patch against kstars/kstars/skyobjects/saturnmoons.cpp

To test it, just add the line

PATCHES=( "${FILESDIR}/${PV}/saturnmoons-fix-index-and-angle-errors.patch" )

to kstars-4.3.4.ebuild, and put the patch into a newly created "files/4.3.4/" directory.

This patch fixes four things:
1.) The author assumed C arrays would start with element 1. The consequence was a stack smashing "attack" detected when compiled with -fstack-protector-all
2.) summing up angles given in degrees with angles given in radians: see double u = 2*W5 - 2*theta + psi;
3.) remove unnecessary calls to MapTo0To360Range
4.) remove unused, superfluous array declarations

HOWEVER: Saturn's moon positions still appear to be wrong when compared to the output of JPL's solar system simulator for any given date (here: http://space.jpl.nasa.gov/)

Thanks for your report - apparently it's been fixed upstream in r1065303 - http://websvn.kde.org/?view=revision&revision=1065303
That code was not only broken, but even "stolen" (and thus it has been removed).

This should be included in 4.3.5 as it was fixed in 4.3 branch.
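An added illustration of items 1 and 2 of the patch description above; it is not code from kstars or from the attached patch. It models a stack frame as an array followed by a guard slot to show why a 1-based fill loop trips the -fstack-protector-all check while a 0-based one does not, and it sums angles only after converting them to one unit. All names, the array size and the assignment of units to terms are assumptions made for the example.

```c
#include <math.h>
#include <stddef.h>

#define N_MOONS 8                /* constructed size, not taken from kstars */
#define CANARY  0xC0FFEE         /* stands in for the stack-protector guard */
#define DEG2RAD (3.14159265358979323846 / 180.0)

/* Model of a stack frame: slots 0..N_MOONS-1 are the local array,
 * slot N_MOONS is the guard value placed directly after it. */
typedef struct { double slot[N_MOONS + 1]; } frame_t;

static void frame_init(frame_t *f)
{
    for (size_t i = 0; i < N_MOONS; i++)
        f->slot[i] = NAN;                 /* marks "never written" */
    f->slot[N_MOONS] = CANARY;
}

/* Fill the array with indices first..last, then do what the protector's
 * function-epilogue check does: return 1 if the guard is intact, 0 if not.
 * Callers must keep last <= N_MOONS so the model itself stays in bounds. */
int fill_and_check(frame_t *f, size_t first, size_t last)
{
    frame_init(f);
    for (size_t i = first; i <= last; i++)
        f->slot[i] = (double)i;
    return f->slot[N_MOONS] == CANARY;
}

/* Item 2: convert every term to radians before summing. Which term had
 * which unit is an assumption here; the page does not say. */
double sum_angles_rad(double w5_deg, double theta_deg, double psi_rad)
{
    return 2.0 * w5_deg * DEG2RAD - 2.0 * theta_deg * DEG2RAD + psi_rad;
}

int main(void)
{
    frame_t f;
    /* 1-based loop: slot 0 is never written and the guard is overwritten. */
    int one_based  = fill_and_check(&f, 1, N_MOONS);
    /* 0-based loop: all N_MOONS elements written, guard untouched. */
    int zero_based = fill_and_check(&f, 0, N_MOONS - 1);
    return (one_based == 0 && zero_based == 1) ? 0 : 1;
}
```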