Summary: | app-editors/cssed _FORTIFY_SOURCE indicates presence of overflow | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Diego Elio Pettenò (RETIRED) <flameeyes> |
Component: | Current packages | Assignee: | Gentoo Web Application Packages Maintainers <web-apps> |
Status: | RESOLVED WONTFIX | ||
Severity: | major | CC: | hardened, treecleaner |
Priority: | High | Keywords: | PMASKED |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | Pending Removal: 2012-04-24 | ||
Package list: | | Runtime testing required: | --- |
Bug Depends on: | |||
Bug Blocks: | 259417 | ||
Attachments: | Build log |
Description
Diego Elio Pettenò (RETIRED)
Created attachment 249574
Build log
The overflow is in a bundled and outdated copy of dev-libs/libcroco. Gentoo currently offers libcroco 0.6.1 and 0.6.2. Based on CVS commit messages for app-editors/cssed <http://cssed.cvs.sourceforge.net/viewvc/cssed/cssed/libcroco/parser/>, which appears to be abandoned, it is carrying a derivative of libcroco 0.6.0.

The overflow itself is simple to fix, if you do not mind continuing to use a bundled library. The function cr_om_parser_parse_paths_to_cascade has a stack variable of type X *[3], but does a memset of the variable for a length of X [3], which is wrong when sizeof(X*) < sizeof(X) [where X = CRStyleSheet].

```c
CRStyleSheet *sheets[3];
memset (sheets, 0, sizeof (CRStyleSheet) * 3);
```

Change the memset to be:

```c
memset (sheets, 0, sizeof (sheets));
```

Probably a candidate for removal as its upstream is dead, is using bundled libs and has multiple alternatives: http://tips.webdesign10.com/good-css-editor-for-linux-ubuntu

dropped
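The size mismatch described in this report, as an added example that is not code from the bug report, cssed or libcroco. `CRStyleSheetStub`, `struct frame` and `clobbered_neighbour_bytes` are hypothetical names; the stub only assumes that the struct is larger than a pointer, and the array is placed inside an enclosing struct so the oversized write can be measured without leaving the object.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for CRStyleSheet: the real layout is not on the page; all that
 * matters here is sizeof(struct) > sizeof(pointer). */
typedef struct { void *a, *b, *c; unsigned long refs; } CRStyleSheetStub;

/* Length the bundled code passes: sizeof (CRStyleSheet) * 3 */
#define BUGGY_LEN (sizeof(CRStyleSheetStub) * 3)

/* Models the stack frame: the pointer array, then whatever sits next to it. */
struct frame {
    CRStyleSheetStub *sheets[3];
    unsigned char neighbours[BUGGY_LEN];
};

/* Length the proposed fix passes: sizeof (sheets) */
#define FIXED_LEN (sizeof(((struct frame *)0)->sheets))

/* Zero `len` bytes starting at sheets and count how many bytes of the
 * adjacent region were overwritten. The write stays inside `f`. */
size_t clobbered_neighbour_bytes(size_t len)
{
    struct frame f;
    size_t i, hit = 0;

    if (len > sizeof f)
        return (size_t)-1;
    memset(&f, 0xAA, sizeof f);           /* mark every byte */
    memset((unsigned char *)&f, 0, len);  /* the memset under test */
    for (i = 0; i < sizeof f.neighbours; i++)
        if (f.neighbours[i] != 0xAA)
            hit++;
    return hit;
}

int main(void)
{
    printf("sizeof (sheets) = %zu, buggy length = %zu\n",
           (size_t)FIXED_LEN, (size_t)BUGGY_LEN);
    printf("bytes past the array, buggy: %zu\n",
           clobbered_neighbour_bytes(BUGGY_LEN));
    printf("bytes past the array, fixed: %zu\n",
           clobbered_neighbour_bytes(FIXED_LEN));
    return 0;
}
```

In the real function the array is a bare stack variable, so the compiler knows its exact size and a `_FORTIFY_SOURCE` build can flag the oversized constant length, which is what the summary of this bug refers to.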