Bug#514138: audacity: buffer overflow
Benjamin Drung
benjamin.drung at gmail.com
Wed Feb 4 21:29:05 UTC 2009
The upcoming audacity 1.3.7-1 does not crash if I open the generated
file from [0]. According to the Gentoo bug tracker [1] audacity 1.3.6
does not have this bug any more. You can find
String_parse::get_nonspace_quoted in version 1.3.7 in
lib-src/portsmf/strparse.cpp:
    // Reads one whitespace-delimited field, or a "..."-quoted field, starting
    // at pos. Every read of (*str)[pos] is guarded by a check for the string's
    // terminating NUL, so the loop cannot run past the end of the buffer.
    void String_parse::get_nonspace_quoted(string &field)
    {
        field.clear();
        skip_space();
        bool quoted = false;
        if ((*str)[pos] == '"') {
            quoted = true;
            field.append(1, '"');
            pos = pos + 1;
        }
        while ((*str)[pos] && (quoted || !isspace((*str)[pos]))) {
            if ((*str)[pos] == '"') {
                if (quoted) {
                    // closing quote: keep it and finish the field
                    field.append(1, '"');
                    pos = pos + 1;
                }
                // unquoted field: stop here and leave the quote for the next call
                return;
            }
            if ((*str)[pos] == '\\') {
                // backslash escapes the next character
                pos = pos + 1;
            }
            // re-check for NUL: the backslash may have been the last character
            if ((*str)[pos]) {
                field.append(1, (*str)[pos]);
                pos = pos + 1;
            }
        }
    }
Cheers,
Benjamin
[0] http://www.milw0rm.com/exploits/7634
[1] https://bugs.gentoo.org/show_bug.cgi?id=253493#c5
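As an added example (not code from the mail, nor audacity's or portsmf's own), a self-contained C++ harness around a stand-in String_parse class with the same get_nonspace_quoted logic as the 1.3.7 snippet, showing that an unterminated quote, an escaped quote and a trailing backslash all end the field at the string's NUL rather than reading past the buffer. The String_parse stand-in and the parse_fields helper are assumptions modelled on the snippet above.

```cpp
#include <cctype>
#include <string>
#include <vector>

// Hypothetical minimal stand-in for portsmf's String_parse; it mirrors the
// 1.3.7 get_nonspace_quoted from the mail, not the library's own class.
class String_parse {
public:
    explicit String_parse(const std::string *s) : str(s), pos(0) {}
    // Skip whitespace; std::string::operator[] at size() yields '\0', so the
    // terminating NUL bounds every read below.
    void skip_space() {
        while ((*str)[pos] && isspace((unsigned char)(*str)[pos])) pos = pos + 1;
    }
    // Same logic as 1.3.7: an unterminated quote or a trailing backslash ends
    // the field at the NUL instead of reading past the end of the buffer.
    void get_nonspace_quoted(std::string &field) {
        field.clear();
        skip_space();
        bool quoted = false;
        if ((*str)[pos] == '"') { quoted = true; field.append(1, '"'); pos = pos + 1; }
        while ((*str)[pos] && (quoted || !isspace((unsigned char)(*str)[pos]))) {
            if ((*str)[pos] == '"') {
                // closing quote of a quoted field is kept; an unquoted field
                // stops before the quote and leaves it for the next call
                if (quoted) { field.append(1, '"'); pos = pos + 1; }
                return;
            }
            if ((*str)[pos] == '\\') pos = pos + 1;   // escape the next char
            // re-check for NUL: the backslash may have been the last character
            if ((*str)[pos]) { field.append(1, (*str)[pos]); pos = pos + 1; }
        }
    }
private:
    const std::string *str;
    std::string::size_type pos;
};

// Split a line into fields; an empty field only occurs at end of input,
// so the loop always terminates.
std::vector<std::string> parse_fields(const std::string &line) {
    String_parse sp(&line);
    std::vector<std::string> out;
    for (std::string f;; out.push_back(f)) {
        sp.get_nonspace_quoted(f);
        if (f.empty()) break;
    }
    return out;
}
```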