Summary: | media-video/spcaview _FORTIFY_SOURCE indicates presence of overflow | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Diego Elio Pettenò (RETIRED) <flameeyes> |
Component: | Current packages | Assignee: | Mike Doty (RETIRED) <kingtaco> |
Status: | RESOLVED WONTFIX | ||
Severity: | major | CC: | hardened |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 259417 | ||
Attachments: |
Build log
Patch to increase size of buffer and to propagate length checking Patch to spcaview-20071224.ebuild to apply attachment #246795 |
Description
Diego Elio Pettenò (RETIRED)
2010-09-09 14:43:51 UTC
Created attachment 246597 [details]
Build log
Created attachment 246795 [details, diff]
Patch to increase size of buffer and to propagate length checking
The fortification error is triggered because the code declares char fourcc[4], then uses snprintf to write a fixed 4 character literal (plus null, so 5 total) into fourcc. The code uses a hardcoded 5 to snprintf, presumably because using the proper size caused the data to be truncated.
This patch uses char fourcc[8], and adjusts the prototype of spcaGrab so that it can see the true size of the data passed to it.
I will also attach a trivial ebuild patch to apply this patch.
Created attachment 246797 [details, diff] Patch to spcaview-20071224.ebuild to apply attachment #246795 [details, diff] The package is no longer in Portage, closing |