[Debian-med-packaging] Bug#733650: readseq: Buffer overflow in ureadseq.c

Michael Bienia geser at ubuntu.com
Mon Dec 30 17:34:52 UTC 2013


Package: readseq
Version: 1-10
Severity: normal
Tags: patch

Hello,

looking at why readseq failed to build in Ubuntu trusty, gcc found a
buffer overflow in ureadseq.c:

In function 'strcpy',
    inlined from 'writeSeq' at ureadseq.c:1925:13:
/usr/include/x86_64-linux-gnu/bits/string3.h:104:3: warning: call to __builtin___memcpy_chk will always overflow destination buffer [enabled by default]

which then got triggered by the test suite:

Test of NCBI ASN.1 conversions:
./readseq -p -f=asn test.m-ig  -otest.m-asn
*** buffer overflow detected ***: ./readseq terminated

Looking at ureadseq.c:writeSeq() it's pretty obvious that
  char  idword[31], endstr[10];  (line 1771)
and
  strcpy(endstr,"\"\n      } } ,"); (line 1925)
won't match (the string copied is 14 bytes long).

Regards,
Michael
-------------- next part --------------
A non-text attachment was scrubbed...
Name: buffer_overflow.patch
Type: text/x-diff
Size: 525 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/debian-med-packaging/attachments/20131230/241f7e6e/attachment.patch>


More information about the Debian-med-packaging mailing list