Bug#748210: Missing parameter to cause stack underflow
Michael Tautschnig
mt at debian.org
Thu May 15 10:25:46 UTC 2014
Package: libconvert-uulib-perl
Version: 1:1.4~dfsg-1
Usertags: goto-cc
During an analysis of all packages using our research compiler tool-chain (using
tools from the cbmc package) the following error was found:
The declaration of UUEncodePartial here
http://sources.debian.net/src/libconvert-uulib-perl/1:1.4~dfsg-1/UUlib.xs?hl=409#L409
lacks the final argument (it takes only 9 arguments), as can be seen by
comparing to its definition:
http://sources.debian.net/src/libconvert-uulib-perl/1:1.4~dfsg-1/uulib/uuencode.c?hl=788#L788
Thus the generated perl-to-native wrapper only converts and passes 9 arguments,
which necessarily results in a stack underflow (the argument is used). The
resulting undefined behaviour will likely show up as seemingly random failures
in testing the CRC values.
Best,
Michael
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 859 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-perl-maintainers/attachments/20140515/63bc0d37/attachment.sig>
More information about the pkg-perl-maintainers
mailing list