Bug#751607: ogdi-dfsg: dyn_SelectLayer passes literal struct instead of pointer-to-struct
Michael Tautschnig
mt at debian.org
Sat Jun 14 17:56:21 UTC 2014
Package: ogdi-dfsg
Version: 3.2.0~beta2-7.1
Usertags: goto-cc
During an analysis of all Debian packages using our research compiler tool-chain
(using tools from the cbmc package) the following error was found:
When invoking vpf_close_table here
http://sources.debian.net/src/ogdi-dfsg/3.2.0~beta2-7.1/ogdi/driver/vrf/vrf.c?hl=504#L504
the struct itself is passed as argument rather than the expected
pointer-to-struct (missing & operator); line 414 has the same problem, but is
currently #if 0-disabled.
As a result, the first member of the struct will be interpreted as a pointer to
that struct, which happens to be a char pointer - as such buffer overflows are
to be expected.
Best,
Michael
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 859 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-grass-devel/attachments/20140614/445de383/attachment.sig>
More information about the Pkg-grass-devel
mailing list