[med-svn] [Git][med-team/sweed][master] 3 commits: Catch potential integer overflow to buffer overflow
Andreas Tille (@tille)
gitlab at salsa.debian.org
Tue Dec 3 10:21:29 GMT 2024
Andreas Tille pushed to branch master at Debian Med / sweed
Commits:
715f1afe by Andreas Tille at 2024-12-03T09:27:21+01:00
Catch potential integer overflow to buffer overflow
- - - - -
6b932c77 by Andreas Tille at 2024-12-03T09:27:36+01:00
Standards-Version: 4.7.0 (routine-update)
- - - - -
33e2e1d7 by Andreas Tille at 2024-12-03T09:29:02+01:00
routine-update: Ready to upload to unstable
- - - - -
4 changed files:
- debian/changelog
- debian/control
- + debian/patches/integer_overflow.patch
- debian/patches/series
Changes:
=====================================
debian/changelog
=====================================
@@ -1,3 +1,12 @@
+sweed (3.2.1+dfsg-6) unstable; urgency=medium
+
+ * Team upload.
+ * Catch potential integer overflow to buffer overflow
+ Closes: #1080069
+ * Standards-Version: 4.7.0 (routine-update)
+
+ -- Andreas Tille <tille at debian.org> Tue, 03 Dec 2024 09:28:04 +0100
+
sweed (3.2.1+dfsg-5) unstable; urgency=medium
* Team upload.
=====================================
debian/control
=====================================
@@ -4,7 +4,7 @@ Uploaders: Steffen Moeller <moeller at debian.org>
Section: science
Priority: optional
Build-Depends: debhelper-compat (= 13)
-Standards-Version: 4.5.0
+Standards-Version: 4.7.0
Vcs-Browser: https://salsa.debian.org/med-team/sweed
Vcs-Git: https://salsa.debian.org/med-team/sweed.git
Homepage: https://sco.h-its.org/exelixis/web/software/sweed/
=====================================
debian/patches/integer_overflow.patch
=====================================
@@ -0,0 +1,20 @@
+Description: Catch potential integer overflow to buffer overflow
+Bug-Debian: https://bugs.debian.or/1080069
+Author: Andreas Tille <tille at debian.org>
+Last-Update: 2024-12-03
+
+--- a/SweeD_Input.c
++++ b/SweeD_Input.c
+@@ -3342,7 +3342,11 @@ void readAlignmentMS(FILE *fp, alignment
+ int i, temp = fscanf(fp,"%*s %d %*s", &alignment->segsites);
+
+ assert(temp==1);
+-
++
++ if (alignment->segsites <= 0 || alignment->segsites > MAXINT / sizeof(int)) {
++ fprintf(stderr, "\n ERROR: Integer overflow in allocation size for positionsInd (alignment->segsites = %d)\n", alignment->segsites);
++ exit(0);
++ }
+ alignment->positions = malloc(sizeof(float)*alignment->segsites);
+ alignment->positionsInd = malloc(sizeof(int)*alignment->segsites);
+
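Review bot: the new error branch in readAlignmentMS ends with exit(0), so a rejected segsites value still reports success to whatever invoked the program; exit(1) or EXIT_FAILURE would let scripts and pipelines see that the input was refused. The comparison alignment->segsites > MAXINT / sizeof(int) mixes an int with a size_t expression, which is safe here only because the <= 0 test short-circuits first; a short comment or an explicit cast would keep a later reordering from turning negative values into large unsigned ones. The preceding assert(temp==1) is the only check that fscanf actually wrote segsites, and it is compiled out under NDEBUG, so the range test could then run on a value fscanf never stored; an explicit if (temp != 1) error path would close that gap. The error text names only positionsInd although the check also guards the positions allocation, and neither malloc result is tested for NULL in the lines shown. In the patch header, the Bug-Debian URL reads bugs.debian.or and should be bugs.debian.org.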
=====================================
debian/patches/series
=====================================
@@ -1,3 +1,4 @@
gcc10.patch
hardening.patch
arm64.patch
+integer_overflow.patch
View it on GitLab: https://salsa.debian.org/med-team/sweed/-/compare/25f3b0aac0956fafd7a03f958df74ffc01908600...33e2e1d7e2d783970a138b48494d15c1f64031ba