Bug#829398: xcfa: Buffer overflow with more than 45 tracks

Gunnar Wolf gwolf at debian.org
Thu Mar 11 15:22:45 GMT 2021


tags -1 + patch
user debian-release at lists.debian.org
usertags -1 + bsp-2021-03-latinoamerica
kthxbye

So, a trivial workaround for this issue would be to increase the
amount of entries in the allocation table:


diff --git a/src/file_lc.c b/src/file_lc.c
index 4d9ce0c..ef774ee 100644
--- a/src/file_lc.c
+++ b/src/file_lc.c
@@ -57,7 +57,7 @@
 // 
 gchar **filelc_AllocTabArgs( void )
 {
-	gchar	**PtrTab = (gchar **)g_malloc0( sizeof(gchar **) * 50 );
+	gchar	**PtrTab = (gchar **)g_malloc0( sizeof(gchar **) * 110 );
 
 	PtrTab [ 0 ] = g_strdup( "nice" );
 	PtrTab [ 1 ] = g_strdup( "-n" );
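
Review bot: the changed g_malloc0 line in filelc_AllocTabArgs still sizes the table with a bare literal (110) that nothing visible here ties to the indexes later stored into PtrTab, so filling more slots than that writes past the allocation exactly as it did with 50. Suggest a named constant together with an index check at every store, or a GPtrArray that grows as entries are appended. Separately, the elements are gchar *, so the element size should be written sizeof(gchar *) or sizeof *PtrTab; sizeof(gchar **) has the same value but names the wrong type.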


I chose 110 in order to leave space for the relevant logs mentioned by
the bug submitter. While this is not a definitive answer and does not
make the buffer overflow go away, this would allow all
standards-compliant CDDA disks to be produced -- A CD can contain up
to 99 tracks¹, so this would allow for creating all valid CDs.

Of course, this trivial patch does not take away the overflow
potential (and that should definitively be addressed!), and does not
yet properly communicate to users they requested the creation of
something that would break the standards. But it would be a first,
trivial step to fix this (old!) bug allowing for the creation of valid
images.

¹ https://en.wikipedia.org/wiki/Compact_Disc_Digital_Audio#Tracks
  The official standard is not freely available.
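
An added example, not part of the original message and not xcfa's code: one way to remove the fixed limit discussed above is an argument table that grows before each write. The names `argtab`, `argtab_push`, `argtab_free`, `build_args` and the track file names are hypothetical, and plain C is used instead of GLib so the block is self-contained.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable, NULL-terminated argument table (not xcfa's code). */
typedef struct { char **v; size_t len, cap; } argtab;

/* Append a copy of s; the table grows before any write could go past it. */
int argtab_push(argtab *t, const char *s)
{
    if (t->len + 2 > t->cap) {              /* slot for s plus terminator */
        size_t ncap = t->cap ? t->cap * 2 : 50;
        if (ncap > SIZE_MAX / sizeof *t->v) return -1;
        char **nv = realloc(t->v, ncap * sizeof *nv);
        if (!nv) return -1;
        memset(nv + t->cap, 0, (ncap - t->cap) * sizeof *nv);
        t->v = nv; t->cap = ncap;
    }
    size_t n = strlen(s) + 1;
    char *copy = malloc(n);
    if (!copy) return -1;
    memcpy(copy, s, n);
    t->v[t->len++] = copy;
    t->v[t->len] = NULL;                    /* keep the vector terminated */
    return 0;
}

void argtab_free(argtab *t)
{
    for (size_t i = 0; i < t->len; i++) free(t->v[i]);
    free(t->v);
    *t = (argtab){0};
}

/* Constructed workload: "nice", "-n" as in the patch context, then one
 * made-up file name per track. Returns the argument count, or -1. */
long build_args(argtab *t, int ntracks)
{
    char name[32];
    *t = (argtab){0};
    if (argtab_push(t, "nice") || argtab_push(t, "-n")) return -1;
    for (int i = 1; i <= ntracks; i++) {
        snprintf(name, sizeof name, "track%02d.wav", i);
        if (argtab_push(t, name)) return -1;
    }
    return (long)t->len;
}
```

If `build_args` returns -1, the caller still owns the partly filled table and releases it with `argtab_free`.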


