[Debian-med-packaging] Bug#733650: readseq: Buffer overflow in ureadseq.c
Michael Bienia
geser at ubuntu.com
Mon Dec 30 17:34:52 UTC 2013
Package: readseq
Version: 1-10
Severity: normal
Tags: patch
Hello,
looking at why readseq failed to build in Ubuntu trusty, gcc found a
buffer overflow in ureadseq.c:
In function 'strcpy',
inlined from 'writeSeq' at ureadseq.c:1925:13:
/usr/include/x86_64-linux-gnu/bits/string3.h:104:3: warning: call to __builtin___memcpy_chk will always overflow destination buffer [enabled by default]
which then got triggered by the test suite:
Test of NCBI ASN.1 conversions:
./readseq -p -f=asn test.m-ig -otest.m-asn
*** buffer overflow detected ***: ./readseq terminated
Looking at ureadseq.c:writeSeq() it's pretty obvious that
char idword[31], endstr[10]; (line 1771)
and
strcpy(endstr,"\"\n } } ,"); (line 1925)
won't match (the string copied is 14 bytes long).
Regards,
Michael
-------------- next part --------------
A non-text attachment was scrubbed...
Name: buffer_overflow.patch
Type: text/x-diff
Size: 525 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/debian-med-packaging/attachments/20131230/241f7e6e/attachment.patch>
More information about the Debian-med-packaging
mailing list