
Bug 339746

Summary: app-editors/cssed _FORTIFY_SOURCE indicates presence of overflow
Product: Gentoo Linux
Reporter: Diego Elio Pettenò (RETIRED) <flameeyes>
Component: Current packages
Assignee: Gentoo Web Application Packages Maintainers <web-apps>
Severity: major
CC: hardened, treecleaner
Priority: High
Keywords: PMASKED
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: Pending Removal: 2012-04-24
Package list:
Runtime testing required: ---
Bug Depends on:
Bug Blocks: 259417
Attachments: Build log

Description Diego Elio Pettenò (RETIRED) gentoo-dev 2010-10-04 20:03:34 UTC
You're receiving this bug because the package in Summary has produced _FORTIFY_SOURCE related warnings indicating the presence of a sure overflow in a static buffer.

Even though this is not always an indication of a security problem, it might even be. So please check this out ASAP.

By the way, _FORTIFY_SOURCE is disabled when you disable optimisation, so don't try finding out the cause using -O0.

Your friendly neighborhood tinderboxer
Comment 1 Diego Elio Pettenò (RETIRED) gentoo-dev 2010-10-04 20:04:51 UTC
Created attachment 249574 [details]
Build log
Comment 2 Kevin Pyle 2010-10-05 03:42:01 UTC
The overflow is in a bundled and outdated copy of dev-libs/libcroco.  Gentoo currently offers libcroco 0.6.1 and 0.6.2.  Based on CVS commit messages for app-editors/cssed <>, which appears to be abandoned, it is carrying a derivative of libcroco 0.6.0.

The overflow itself is simple to fix, if you do not mind continuing to use a bundled library.  The function cr_om_parser_parse_paths_to_cascade has a stack variable of type X *[3], but does a memset of the variable for a length of X [3], which is wrong when sizeof(X*) < sizeof(X) [where X = CRStyleSheet].

        CRStyleSheet *sheets[3];
        memset (sheets, 0, sizeof (CRStyleSheet) * 3);

Change the memset to be:

        memset (sheets, 0, sizeof (sheets));
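To make the size mismatch in Comment 2 concrete, here is an added example (not code from cssed or libcroco) that uses a constructed stand-in for CRStyleSheet, computes how many bytes the original memset writes past the end of the pointer array, and shows the corrected zeroing as a checkable routine. The struct members are assumed; only the "struct is larger than a pointer" property matters.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for libcroco's CRStyleSheet. The real struct has
 * different members; what matters is that it is much larger than a pointer. */
typedef struct {
    void  *statements;
    void  *parent_import_rule;
    void  *app_data;
    size_t ref_count;
    char   origin[32];
} StyleSheet;

enum { N_SHEETS = 3 };

/* Bytes the original (buggy) memset writes: sizeof(pointee) * count. */
size_t buggy_memset_len(void)
{
    return sizeof(StyleSheet) * N_SHEETS;
}

/* Bytes the stack array actually holds: sizeof on the array itself
 * tracks the declaration instead of a hand-written type expression. */
size_t fixed_memset_len(void)
{
    StyleSheet *sheets[N_SHEETS];
    return sizeof(sheets);                 /* 3 * sizeof(StyleSheet *) */
}

/* How far past the end of the array the buggy call writes. This is the
 * mismatch _FORTIFY_SOURCE reports when the destination size is known. */
size_t overflow_bytes(void)
{
    return buggy_memset_len() - fixed_memset_len();
}

/* Corrected zeroing as a routine; returns 1 if every slot ended up NULL. */
int zero_sheets(StyleSheet **sheets, size_t n)
{
    memset(sheets, 0, sizeof(*sheets) * n);   /* element size, never pointee size */
    for (size_t i = 0; i < n; i++)
        if (sheets[i] != NULL)
            return 0;
    return 1;
}

int main(void)
{
    StyleSheet *sheets[N_SHEETS] = { (StyleSheet *)1, (StyleSheet *)2, (StyleSheet *)3 };
    printf("sizeof(struct) = %zu, sizeof(pointer) = %zu\n", sizeof(StyleSheet), sizeof(StyleSheet *));
    printf("buggy memset: %zu bytes, array holds %zu, overflow %zu bytes\n",
           buggy_memset_len(), fixed_memset_len(), overflow_bytes());
    printf("zero_sheets -> %d\n", zero_sheets(sheets, N_SHEETS));
    return 0;
}
```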
Comment 3 Pacho Ramos gentoo-dev 2012-03-19 12:02:50 UTC
Probably a candidate for removal as its upstream is dead, is using bundled libs and has multiple alternatives:
Comment 4 Pacho Ramos gentoo-dev 2012-04-23 18:18:47 UTC