| Summary: | sci-geosciences/gmt _FORTIFY_SOURCE indicates presence of overflow | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Diego Elio Pettenò (RETIRED) <flameeyes> |
| Component: | Current packages | Assignee: | Sci-geo Project <sci-geosciences> |
| Status: | RESOLVED FIXED | ||
| Severity: | major | CC: | hardened |
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | |||
| Bug Blocks: | 259417 | ||
| Attachments: | Build log | ||
|
Description
Diego Elio Pettenò (RETIRED)
2010-09-09 14:45:36 UTC
Created attachment 246601 [details]
Build log
+*eugene-3.6-r1 (10 Sep 2010) + + 10 Sep 2010; Kacper Kowalik <xarthisius@gentoo.org> -eugene-3.6.ebuild, + +eugene-3.6-r1.ebuild, +files/eugene-3.6-overflow.patch, + +files/eugene-3.6-plugins.patch: + Fix overflows wrt bug 336604 and install path wrt bug 297536. Thanks to + Diego for the reports. + grrr wrong bug, sorry The overflows in gmt_customio.c are because the code uses a char id[4], but uses it as a sequence of 4 bytes, rather than a 4 character string. It does not use a null terminator, but uses str* functions on it anyway. Unfortunately, the structure containing the char id[4] is written to a file, so the array cannot simply be expanded. Should use memcpy or strncpy then… 4.5.6 does not suffer from this issue. Closing as fixed. |