Bug#695467: Horgand too short buffer

Dr. David Alan Gilbert dave at treblig.org
Sat Dec 8 16:40:54 UTC 2012


Package: horgand
Version: 1.14-4

This started as Ubuntu bug:
https://bugs.launchpad.net/ubuntu/+source/horgand/+bug/891939

There's a strcpy of an 11 char string (+nil) into a 10 char fixed array;
that on Ubuntu's Fortify build causes it to seg at startup.

I've got a fix below for it that I think is safe (it certainly
gets past the seg), but for me I'm hitting problems with it not being
able to open the (hard coded) ALSA device.

There are further places in the code that aggregate this length onto 
other strings into other fixed sized buffers that look safe; but
given the number of fixed length buffers I wouldn't be surprised
if there are further issues.

Description: Buffer was too short for chord name
Author: dave at treblig.org
Bug: https://bugs.launchpad.net/ubuntu/+source/horgand/+bug/891939
Index: horgand-1.14/src/Holrgan.h
===================================================================
--- horgand-1.14.orig/src/Holrgan.h	2007-10-18 03:06:11.000000000 +0100
+++ horgand-1.14/src/Holrgan.h	2012-12-08 16:18:12.218160670 +0000
@@ -398,7 +398,7 @@
 struct Ch4
 
 {
-  char Nom[10];
+  char Nom[12];
   int type;
   int fund;
   int dist1;
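
Review bot: the new size in "char Nom[12];" is a bare literal that fits exactly the 11-character name plus terminator described in the report, so any longer chord name added later overflows again with nothing to flag it. Suggest a named constant for the size with a comment giving the longest expected name, and bounding the copy at the strcpy site (not shown in this hunk) by sizeof(Nom) so an oversized name is rejected or truncated instead of written past the array.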

-- 
 -----Open up your eyes, open up your mind, open up your code -------   
/ Dr. David Alan Gilbert    |       Running GNU/Linux       | Happy  \ 
\ gro.gilbert @ treblig.org |                               | In Hex /
 \ _________________________|_____ http://www.treblig.org   |_______/
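
The mismatch described in the report, as an added example that is not part of the original message or of horgand's source: a copy bounded by the size of Nom, plus an audit of a name table against that size. The struct fields follow the hunk; set_name, count_too_long and the sample names are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Field layout copied from the hunk: before (Nom[10]) and after (Nom[12]). */
struct Ch4_old { char Nom[10]; int type; int fund; int dist1; };
struct Ch4_new { char Nom[12]; int type; int fund; int dist1; };

/* Hypothetical helper: copy src into dst only if it fits with its NUL.
   Returns 0 on success; on failure returns -1 and leaves dst empty. */
static int set_name(char *dst, size_t dstsz, const char *src)
{
    size_t n = strlen(src);
    if (dstsz == 0)
        return -1;
    if (n >= dstsz) {
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);
    return 0;
}

/* Hypothetical audit: how many table entries cannot fit in dstsz bytes. */
static int count_too_long(const char *const *names, size_t count, size_t dstsz)
{
    int bad = 0;
    for (size_t i = 0; i < count; i++)
        if (strlen(names[i]) >= dstsz)
            bad++;
    return bad;
}

/* Constructed sample names (lengths 3, 6, 11, 12), not horgand's chord table. */
static const char *const sample_names[] = { "Maj", "m7(b5)", "ELEVENCHARS", "TWELVE_CHARS" };
#define N_NAMES (sizeof sample_names / sizeof sample_names[0])

int main(void)
{
    struct Ch4_old o;
    struct Ch4_new n;
    printf("11 chars into Nom[10]: %d\n", set_name(o.Nom, sizeof o.Nom, sample_names[2]));
    printf("11 chars into Nom[12]: %d\n", set_name(n.Nom, sizeof n.Nom, sample_names[2]));
    printf("too long for 10: %d, for 12: %d\n",
           count_too_long(sample_names, N_NAMES, sizeof o.Nom),
           count_too_long(sample_names, N_NAMES, sizeof n.Nom));
    printf("offset of type: old %zu, new %zu\n",
           offsetof(struct Ch4_old, type), offsetof(struct Ch4_new, type));
    return 0;
}
```

On ABIs where int is 4-byte aligned, the last line prints the same offset for both layouts, since the two added bytes occupy what was padding after Nom[10].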


