Bug 339746 - app-editors/cssed _FORTIFY_SOURCE indicates presence of overflow
Summary: app-editors/cssed _FORTIFY_SOURCE indicates presence of overflow
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: High major
Assignee: Gentoo Web Application Packages Maintainers
Whiteboard: Pending Removal: 2012-04-24
Keywords: PMASKED
Depends on:
Blocks: fortify-source
Reported: 2010-10-04 20:03 UTC by Diego Elio Pettenò (RETIRED)
Modified: 2012-04-23 18:18 UTC (History)

See Also:
Package list:
Runtime testing required: ---

Build log (cssed-0.4.0-r1:20101004-160830.log,126.96 KB, text/plain)
2010-10-04 20:04 UTC, Diego Elio Pettenò (RETIRED)

Description Diego Elio Pettenò (RETIRED) gentoo-dev 2010-10-04 20:03:34 UTC
You're receiving this bug because the package in Summary has produced _FORTIFY_SOURCE related warnings indicating the presence of a sure overflow in a static buffer.

Even though this is not always an indication of a security problem it might even be. So please check this out ASAP.

By the way, _FORTIFY_SOURCE is disabled when you disable optimisation, so don't try finding out the cause using -O0.

Your friendly neighborhood tinderboxer
Comment 1 Diego Elio Pettenò (RETIRED) gentoo-dev 2010-10-04 20:04:51 UTC
Created attachment 249574 [details]
Build log
Comment 2 Kevin Pyle 2010-10-05 03:42:01 UTC
The overflow is in a bundled and outdated copy of dev-libs/libcroco.  Gentoo currently offers libcroco 0.6.1 and 0.6.2.  Based on CVS commit messages for app-editors/cssed <>, which appears to be abandoned, it is carrying a derivative of libcroco 0.6.0.

The overflow itself is simple to fix, if you do not mind continuing to use a bundled library.  The function cr_om_parser_parse_paths_to_cascade has a stack variable of type X *[3], but does a memset of the variable for a length of X [3], which is wrong when sizeof(X*) < sizeof(X) [where X = CRStyleSheet].

        CRStyleSheet *sheets[3];
        memset (sheets, 0, sizeof (CRStyleSheet) * 3);

Change the memset to be:

        memset (sheets, 0, sizeof (sheets));
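
The size mismatch described in Comment 2, as an added example that is not part of the original comment or of the cssed/libcroco sources. DemoSheet is a constructed stand-in for CRStyleSheet (only "larger than a pointer" matters), and the overrun is replayed inside an in-bounds byte buffer standing in for the stack frame, so the program is safe to run.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for CRStyleSheet; the field names are assumptions. */
typedef struct DemoSheet {
    void *statements;
    int origin;
    void *parent_import_rule;
    void *app_data;
    unsigned long ref_count;
} DemoSheet;

#define SLOT  (sizeof(DemoSheet *) * 3) /* real size of `DemoSheet *sheets[3]` */
#define FRAME (sizeof(DemoSheet) * 3)   /* big enough to hold the bad length */

/* Zero `len` bytes from the start of a simulated stack frame: the first SLOT
 * bytes are the pointer array, the rest is neighbouring data filled with 0xAA.
 * Returns how many neighbouring bytes the memset overwrote. */
static size_t clobbered_neighbours(size_t len)
{
    unsigned char frame[FRAME];
    size_t i, hit = 0;

    if (len > sizeof frame) /* keep the demo itself in bounds */
        len = sizeof frame;
    memset(frame, 0xAA, sizeof frame);
    memset(frame, 0, len); /* the call under test */
    for (i = SLOT; i < sizeof frame; i++)
        if (frame[i] != 0xAA)
            hit++;
    return hit;
}

/* Length passed by the original code: three whole structs (X[3]). */
static size_t buggy_len(void) { return sizeof(DemoSheet) * 3; }

/* Length after the fix: the array of three pointers itself (X*[3]). */
static size_t fixed_len(void) { DemoSheet *sheets[3]; return sizeof(sheets); }

int main(void)
{
    printf("array %zu bytes, buggy memset %zu, fixed memset %zu\n",
           SLOT, buggy_len(), fixed_len());
    printf("neighbour bytes zeroed: buggy=%zu fixed=%zu\n",
           clobbered_neighbours(buggy_len()), clobbered_neighbours(fixed_len()));
    return 0;
}
```

The difference between the two lengths is the number of bytes written past the end of the array, which is what the compile-time _FORTIFY_SOURCE warning in the build log is reporting.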
Comment 3 Pacho Ramos gentoo-dev 2012-03-19 12:02:50 UTC
Probably a candidate for removal as its upstream is dead, is using bundled libs and has multiple alternatives:
Comment 4 Pacho Ramos gentoo-dev 2012-04-23 18:18:47 UTC