| Summary: | games-action/trackballs _FORTIFY_SOURCE indicates presence of overflow | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Diego Elio Pettenò (RETIRED) <flameeyes> |
| Component: | [OLD] Games | Assignee: | Gentoo Games <games> |
| Status: | RESOLVED FIXED | ||
| Severity: | major | CC: | hardened |
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | |||
| Bug Blocks: | 259417 | ||
| Attachments: |
Build log
Patch to trackballs-1.1.4.ebuild to fix _FORTIFY_SOURCE issue and snprintf non-literal format issues |
||
|
Description
Diego Elio Pettenò (RETIRED)
2010-10-14 01:08:37 UTC
Created attachment 250511 [details]
Build log
Created attachment 250519 [details, diff]
Patch to trackballs-1.1.4.ebuild to fix _FORTIFY_SOURCE issue and snprintf non-literal format issues
This adds sed statements to fix the following upstream issues:
- Use of wrong variable in a sizeof() in src/enterHighScoreMode.cc caused a _FORTIFY_SOURCE warning.
- Use of non-literal with no format arguments in src/editMode.cc and src/map.cc. This has the potential to cause the program to dereference invalid pointers or otherwise generate unwanted strings. In the worst case, use of a %n would cause glibc to abort the program as a security precaution. The sed calls convert from:
snprintf(X, sizeof(X), VAR)
to:
snprintf(X, sizeof(X), "%s", VAR)
This should produce equivalent behavior in the normal case where no format escapes were used, and will prevent misbehavior in the bad case where a format escape is introduced.
In portage. |