Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 277459 - net-irc/xchat-xsys-2.2.0-r1: some overflow issues. crashes.
Summary: net-irc/xchat-xsys-2.2.0-r1: some overflow issues. crashes.
Status: RESOLVED WONTFIX
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Julian Ospald
URL:
Whiteboard: Pending Removal: 2012-12-24
Keywords: PMASKED
Depends on:
Blocks: fortify-source
  Show dependency tree
 
Reported: 2009-07-11 20:43 UTC by Emopig
Modified: 2012-12-25 14:04 UTC (History)
6 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Updated ebuild (xchat-xsys-2.2.0-r2.ebuild,1.24 KB, text/plain)
2009-07-11 20:46 UTC, Emopig 		Details
Fix (xchat-xsys-2.2.0-arrayerrors.patch,747 bytes, patch)
2009-07-11 20:46 UTC, Emopig 		Details | Diff
2.2.0-overflow.patch (2.2.0-overflow.patch.out,2.98 KB, text/plain)
2012-04-30 11:05 UTC, Pacho Ramos 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Emopig 2009-07-11 20:43:51 UTC 
I have identified some static array issues in xchat-xsys. The netstream_cb callback in xsys.c tries to stuff up to 5 characters into the 3 character 'mag_r' array. Another issued I noticed (by compile time warning from GCC) was an off by one in the use of strncat - a classic.

Patch attached.

Reproducible: Always

Steps to Reproduce:
Receive on your network interface at a rate greater than 1 KB/s and then use "/netstream" in channel.
Comment 1 Emopig 2009-07-11 20:46:24 UTC 
Created attachment 197584 [details]
Updated ebuild
Comment 2 Emopig 2009-07-11 20:46:41 UTC 
Created attachment 197586 [details, diff]
Fix
Comment 3 Kornelis 2010-01-19 20:19:37 UTC 
The 2.2.0-r2 ebuild still hasn't been added to portage, is that going to happen?
Comment 4 Pacho Ramos gentoo-dev 2012-04-30 11:05:36 UTC 
Created attachment 310487 [details]
2.2.0-overflow.patch

That patch doesn't apply for me :(
Comment 5 Pacho Ramos gentoo-dev 2012-10-06 11:19:25 UTC 
Probably a candidate for treecleaning due this unresolved overflows from years and looks to be unmaintained for a long time
Comment 6 Tony Vroon (RETIRED) gentoo-dev 2012-10-06 11:49:34 UTC 
Yes. I lost interest in this a long time ago. By all means Pacho.
Comment 7 Julian Ospald 2012-11-25 15:00:02 UTC 
I am still using this and the patch works.

If chainsaw does not want to maintain it anymore I will take over ebuild maintainership.
Comment 8 Tony Vroon (RETIRED) gentoo-dev 2012-11-25 20:13:59 UTC 
To confirm, I have supplied Julian "hasufell" Ospald with the preliminary X-Sys 3.0.0 source code. It addresses this overflow and adds Conspire plugin interface support. With Conspire now abandoned, this may well be removed before it sees the light of day, but I just wanted to confirm that he is the new upstream for this codebase and that my maintainer tag should be removed at the earliest available opportunity. A new homepage should be provided, etc.
Comment 9 Julian Ospald 2012-11-25 21:14:50 UTC 
erm what?
Comment 10 Julian Ospald 2012-11-25 21:54:19 UTC 
seems it is already forked and available via hexchat "plugins" useflag:
https://github.com/hexchat/hexchat/tree/master/plugins/sysinfo
Comment 11 Pacho Ramos gentoo-dev 2012-12-25 13:08:33 UTC 
Should this still be treecleaned? :/
Comment 12 Julian Ospald 2012-12-25 13:58:40 UTC 
yes, in case I want to work on this I will do so in the hexchat fork
Comment 13 Pacho Ramos gentoo-dev 2012-12-25 14:04:50 UTC 
dropped