[Debian-med-packaging] Bug#733626: will always overflow destination buffer

Mathieu Malaterre malat at debian.org
Mon Dec 30 14:14:59 UTC 2013


Package: insighttoolkit
Version: 3.20.1+git20120521-4
Severity: important

Seems there is a buffer overflow:

/usr/bin/cmake -E cmake_progress_report
/«BUILDDIR»/insighttoolkit-3.20.1+git20120521/obj-i486-linux-gnu/CMakeFiles
In file included from /usr/include/stdio.h:937:0,
                 from
/«BUILDDIR»/insighttoolkit-3.20.1+git20120521/Utilities/kwsys/SystemInformation.cxx:87:
In function 'int sprintf(char*, const char*, ...)',
    inlined from 'bool
itksys::SystemInformationImplementation::RetrieveClassicalCPUIdentity()'
at /«BUILDDIR»/insighttoolkit-3.20.1+git20120521/Utilities/kwsys/SystemInformation.cxx:2040:114:
/usr/include/i386-linux-gnu/bits/stdio2.h:34:43: warning: call to int
__builtin___sprintf_chk(char*, int, unsigned int, const char*, ...)
will always overflow destination buffer [enabled by default]
       __bos (__s), __fmt, __va_arg_pack ());
                                           ^
In function 'int sprintf(char*, const char*, ...)',
    inlined from 'bool
itksys::SystemInformationImplementation::RetrieveClassicalCPUIdentity()'
at /«BUILDDIR»/insighttoolkit-3.20.1+git20120521/Utilities/kwsys/SystemInformation.cxx:2041:119:
/usr/include/i386-linux-gnu/bits/stdio2.h:34:43: warning: call to int
__builtin___sprintf_chk(char*, int, unsigned int, const char*, ...)
will always overflow destination buffer [enabled by default]
       __bos (__s), __fmt, __va_arg_pack ());
                                           ^
In function 'int sprintf(char*, const char*, ...)',
    inlined from 'bool
itksys::SystemInformationImplementation::RetrieveClassicalCPUIdentity()'
at /«BUILDDIR»/insighttoolkit-3.20.1+git20120521/Utilities/kwsys/SystemInformation.cxx:2042:123:
/usr/include/i386-linux-gnu/bits/stdio2.h:34:43: warning: call to int
__builtin___sprintf_chk(char*, int, unsigned int, const char*, ...)
will always overflow destination buffer [enabled by default]
       __bos (__s), __fmt, __va_arg_pack ());
                                           ^


ref:
https://buildd.debian.org/status/fetch.php?pkg=insighttoolkit&arch=i386&ver=3.20.1%2Bgit20120521-4&stamp=1388401586
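
The warning in the log comes from glibc's fortified `sprintf` wrapper, which passes the destination's compile-time size (`__bos (__s)`) to `__builtin___sprintf_chk`. The following C sketch is an added example, not code from kwsys or from this report: it shows the kind of call that triggers the diagnostic (in a comment) and a bounded replacement that reports truncation. `FIELD_SIZE`, `SAMPLE_TEXT`, `needed_bytes` and `format_bounded` are constructed names, since the report does not show the source at lines 2040-2042.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in: the real buffer and format strings at
 * SystemInformation.cxx:2040-2042 are not shown in the report. */
#define FIELD_SIZE 16
#define SAMPLE_TEXT "Unknown classical CPU identity" /* 30 chars, constructed */

/* Pattern behind the warning (kept as a comment so this file builds clean):
 *     char field[FIELD_SIZE];
 *     sprintf(field, SAMPLE_TEXT);
 * Destination size and output length are both compile-time constants and
 * the output is longer, so the fortified sprintf is known to overflow. */

/* Bytes, including the terminating NUL, that the formatted output needs. */
static size_t needed_bytes(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(NULL, 0, fmt, ap);
    va_end(ap);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Bounded replacement: writes at most dstsz bytes, always NUL-terminates.
 * Returns 0 on success, -1 on truncation or error. */
static int format_bounded(char *dst, size_t dstsz, const char *fmt, ...)
{
    va_list ap;
    if (dst == NULL || dstsz == 0)
        return -1;
    va_start(ap, fmt);
    int n = vsnprintf(dst, dstsz, fmt, ap);
    va_end(ap);
    if (n < 0) {
        dst[0] = '\0';
        return -1;
    }
    return (size_t)n >= dstsz ? -1 : 0;
}

int main(void)
{
    char field[FIELD_SIZE];
    int rc = format_bounded(field, sizeof field, SAMPLE_TEXT);
    printf("rc=%d stored=\"%s\" needed=%zu have=%zu\n",
           rc, field, needed_bytes(SAMPLE_TEXT), sizeof field);
    return 0;
}
```

Comparing `needed_bytes()` with `sizeof` the destination shows whether the buffer should be enlarged or the truncation handled by the caller.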


