[Debian-med-packaging] Bug#703076: Missing argument in calls to amitk_color_table_menu_new

Andreas Tille tille at debian.org
Fri Mar 15 09:50:00 UTC 2013 

Hi Andy,

due to some QA checks in Debian the Amide package received a bug report
which I would like to inform you about.  I admit we are lagging behind
your latest upstream version (because of Debian freeze for the next
release we hesitate to introduce other versions than currently beeing in
freeze) and the problem might be fixed or not but I would like to make
you aware of it in any case.

It would be great if you could issue some statement like

 - Is fixed in 1.0.4  or
 - Will be fixed in 1.0.5 or
 - Please be more verbose / provide a patch or
 - Something else

Kind regards and thanks for providing Amide as Free Software

     Andreas.

On Thu, Mar 14, 2013 at 11:33:16PM +0000, Michael Tautschnig wrote:
> Package: amide
> Version: 1.0.1-1
> Usertags: goto-cc
> 
> Building and type-checking the linked results using our research compiler
> infrastructure showed the following wrong uses of amitk_color_table_menu_new:
> 
> ./src/amitk_threshold.c:    threshold->color_table_menu[i_view_mode] = amitk_color_table_menu_new();
> ./src/ui_preferences_dialog.c:    menu = amitk_color_table_menu_new();
> ./src/ui_render_dialog.c:    menu = amitk_color_table_menu_new();
> 
> This conflicts with the actual definition of amitk_color_table_menu_new:
> 
> ./src/amitk_color_table_menu.c:GtkWidget * amitk_color_table_menu_new(AmitkColorTable color_table) {
> 
> The result will necessarily cause a stack underflow, with entirely undefined
> consequences (for any application with elevated privileges this is a possibly
> security issue).
> 
> Best,
> Michael
> 
> PS.: It may be wise to also adjust the declaration of
> amitk_color_table_menu_new:
> 
> ./src/amitk_color_table_menu.h:GtkWidget*    amitk_color_table_menu_new               ();
> 
> (but this is actually entirely covered by the C standard and not necessarily a
> bug - it just stops the compiler from producing proper diagnostics).
> 



> _______________________________________________
> Debian-med-packaging mailing list
> Debian-med-packaging at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/debian-med-packaging


-- 
http://fam-tille.de

More information about the Debian-med-packaging mailing list