Summary: | net-libs/openslp-1.2.1-r1 has buffer overflow with memcpy() on 64-bit architectures | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | SpanKY <vapier> |
Component: | Current packages | Assignee: | Printing Team <printing> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | enviouzproductionz07, m.debruijne |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 259417 | ||
Attachments: | memcpy should copy sizeof(struct in_addr) not sizeof(addr) |
Description
SpanKY
2010-07-20 03:03:40 UTC
i solved this temporarily by adding CFLAGS="${CFLAGS} -D_FORTIFY_SOURCE=0" to the emerge command like so CFLAGS="${CFLAGS} -D_FORTIFY_SOURCE=0" emerge openslp And it compiled without showing that error. I dont know much about writing ebuilds or i would make a patch. I dont know where at in the ebuild i would add CFLAGS="${CFLAGS} -D_FORTIFY_SOURCE=0" that probably doesnt do what you think it's doing. probably better to do: CPPFLAGS=-U_FORTIFY_SOURCE emerge ... @Spanky Thanks ill give that a try and see what happens. What exactly is the difference between CPPFLAGS=-U_FORTIFY_SOURCE and CFLAGS="${CFLAGS} -D_FORTIFY_SOURCE=0" ? It was just a solution i found while googling for a fix to this bug. It never said what it did exactly and it was for a totally different package (zsnes) butr the error was the same so i thought i would give it a try. Created attachment 247907 [details, diff]
memcpy should copy sizeof(struct in_addr) not sizeof(addr)
sizeof(addr) will return the size of a pointer, not the size of struct in_addr, the item being copied.
(In reply to comment #4) > Created attachment 247907 [details, diff] [details, diff] > memcpy should copy sizeof(struct in_addr) not sizeof(addr) > > sizeof(addr) will return the size of a pointer, not the size of struct in_addr, > the item being copied. Fixed in openslp-1.2.1-r2. Thank you! |