| Summary: | media-tv/ivtv-utils _FORTIFY_SOURCE indicates presence of overflow | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Diego Elio Pettenò (RETIRED) <flameeyes> |
| Component: | Current packages | Assignee: | Steve Dibb (RETIRED) <beandog> |
| Status: | RESOLVED FIXED | ||
| Severity: | major | CC: | cardoe, hardened, media-tv |
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | |||
| Bug Blocks: | 259417 | ||
| Attachments: |
Build log
Patch to ivtv-utils-1.4.0-r1.ebuild to address overflow |
||
|
Description
Diego Elio Pettenò (RETIRED)
2010-10-02 01:22:02 UTC
Created attachment 249234 [details]
Build log
Created attachment 249253 [details, diff]
Patch to ivtv-utils-1.4.0-r1.ebuild to address overflow
The helper method pts_to_string uses either the caller supplied buffer or, if none is supplied, an internal buffer of length 256. Regardless, it uses the size of its internal buffer. The source fortification warning triggered because a caller supplied a buffer of only length 64, so specifying the length of 256 is wrong in that case. Although it looks like the 64 character buffer would be sufficient to hold the output, I elected to increase the 64 character buffer instead of shrinking the static buffer.
Also, I included a transform of sprintf => snprintf in various source files after confirming that all such transforms will have a correct sizeof result. This should provide protection against any latent overruns since some of the sprintf calls use what appear to be externally derived values.
applied the changes in as a normal patch for 1.4.1, closing |