Bug 339405 - media-tv/ivtv-utils _FORTIFY_SOURCE indicates presence of overflow
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: High major
Assignee: Steve Dibb (RETIRED)
Depends on:
Blocks: fortify-source
Reported: 2010-10-02 01:22 UTC by Diego Elio Pettenò (RETIRED)
Modified: 2012-03-05 05:48 UTC (History)

Build log (ivtv-utils-1.4.0-r1:20101002-003347.log,10.57 KB, text/plain)
2010-10-02 01:22 UTC, Diego Elio Pettenò (RETIRED)
Patch to ivtv-utils-1.4.0-r1.ebuild to address overflow (ivtv-utils-1.4.0-r1.ebuild.patch,546 bytes, patch)
2010-10-02 04:02 UTC, Kevin Pyle

Description Diego Elio Pettenò (RETIRED) gentoo-dev 2010-10-02 01:22:02 UTC
You're receiving this bug because the package in Summary has produced _FORTIFY_SOURCE related warnings indicating the presence of a sure overflow in a static buffer.

Even though this is not always an indication of a security problem it might even be. So please check this out ASAP.

By the way, _FORTIFY_SOURCE is disabled when you disable optimisation, so don't try finding out the cause using -O0.

Your friendly neighborhood tinderboxer
Comment 1 Diego Elio Pettenò (RETIRED) gentoo-dev 2010-10-02 01:22:21 UTC
Created attachment 249234 [details]
Build log
Comment 2 Kevin Pyle 2010-10-02 04:02:53 UTC
Created attachment 249253 [details, diff]
Patch to ivtv-utils-1.4.0-r1.ebuild to address overflow

The helper method pts_to_string uses either the caller-supplied buffer or, if none is supplied, an internal buffer of length 256. Regardless, it uses the size of its internal buffer. The source fortification warning triggered because a caller supplied a buffer of only length 64, so specifying the length of 256 is wrong in that case. Although it looks like the 64 character buffer would be sufficient to hold the output, I elected to increase the 64 character buffer instead of shrinking the static buffer.

Also, I included a transform of sprintf => snprintf in various source files after confirming that all such transforms will have a correct sizeof result.  This should provide protection against any latent overruns since some of the sprintf calls use what appear to be externally derived values.
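
The bound mismatch described in Comment 2, next to a variant that takes the destination size from the caller, as an added example that is not the ivtv-utils source or the attached patch (which enlarged the 64-byte buffer instead). The function bodies, the `_old` and `_bounded` names, and the H:MM:SS output format are assumptions made for illustration.

```c
#include <stdio.h>
#include <stddef.h>

#define PTS_HZ 90000UL   /* assumption: 90 kHz MPEG PTS clock */
#define PTS_FMT "%lu:%02lu:%02lu"
#define PTS_ARGS(s) (s) / 3600, ((s) / 60) % 60, (s) % 60

/* Pattern from Comment 2, reconstructed for illustration: the bound is
 * always the internal buffer's size, so a 64-byte caller buffer is
 * declared to snprintf as 256 bytes. */
char *pts_to_string_old(char *str, unsigned long pts)
{
    static char buf[256];
    char *p = str ? str : buf;
    unsigned long s = pts / PTS_HZ;
    snprintf(p, sizeof(buf), PTS_FMT, PTS_ARGS(s));  /* wrong bound when str != NULL */
    return p;
}

/* Hardened form (hypothetical): the caller states its buffer size; the
 * internal buffer and its own size are used only when no buffer is
 * passed. Returns NULL if the text was truncated. */
char *pts_to_string_bounded(char *dst, size_t dstlen, unsigned long pts)
{
    static char buf[256];
    unsigned long s = pts / PTS_HZ;
    int n;

    if (dst == NULL) {
        dst = buf;
        dstlen = sizeof(buf);
    }
    if (dstlen == 0)
        return NULL;
    n = snprintf(dst, dstlen, PTS_FMT, PTS_ARGS(s));
    return (n < 0 || (size_t)n >= dstlen) ? NULL : dst;
}

int main(void)
{
    char small[64];   /* same size as the caller buffer in the report */
    char tiny[4];     /* constructed: too short for the output */

    printf("%s\n", pts_to_string_bounded(small, sizeof(small), PTS_HZ * 3661));
    printf("%s\n", pts_to_string_bounded(tiny, sizeof(tiny), PTS_HZ) ? "fit" : "truncated");
    printf("%s\n", pts_to_string_old(NULL, PTS_HZ * 3661));  /* internal buffer: bound is correct */
    return 0;
}
```

Build with optimisation enabled (for example `-O2 -D_FORTIFY_SOURCE=2`) when checking this kind of code, since, as the report notes, the fortify checks are disabled at `-O0`.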
Comment 3 Samuli Suominen (RETIRED) gentoo-dev 2012-03-05 05:48:35 UTC
applied the changes in as a normal patch for 1.4.1, closing