[PD-dev] [ pure-data-Bugs-2838114 ] zexy fwriteln buffer overflow

SourceForge.net noreply at sourceforge.net
Tue Dec 15 03:20:26 CET 2009


Bugs item #2838114, was opened at 2009-08-15 10:33
Message generated for change (Comment added) made by sf-robot
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=478070&aid=2838114&group_id=55736

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: externals
Group: None
>Status: Closed
Resolution: Accepted
Priority: 5
Private: No
Submitted By: ClaudiusMaximus (claudiusmaximus)
Assigned to: IOhannes m zmlnig (zmoelnig)
Summary: zexy fwriteln buffer overflow

Initial Comment:
The buffer for the prefix is too small.

gcc -I.  -DHAVE_CONFIG_H -DZEXY_LIBRARY -DPD  -I/usr/src/pd/src  -g -O2 -g -Wall -O2 -mms-bitfields -fPIC -mfpmath=sse -msse -g -O2 -g -Wall -O2  -c -o fwriteln.o fwriteln.c
In file included from /usr/include/string.h:640,
                 from fwriteln.c:26:
In function 'strcpy',
    inlined from 'fwriteln_new' at fwriteln.c:233:
/usr/include/bits/string3.h:106: warning: call to __builtin___strcpy_chk will always overflow destination buffer
In function 'strcpy',
    inlined from 'fwriteln_new' at fwriteln.c:236:
/usr/include/bits/string3.h:106: warning: call to __builtin___strcpy_chk will always overflow destination buffer


Line 195:    char prefix[2]="%";
Line 233:	 strcpy(prefix,"%-");
Line 236:	 strcpy(prefix,"%+");

The strcpy will copy an additional '\0' byte which will overflow the buffer.

Suggested fix:  increase the prefix buffer size


----------------------------------------------------------------------

>Comment By: SourceForge Robot (sf-robot)
Date: 2009-12-15 02:20

Message:
This Tracker item was closed automatically by the system. It was
previously set to a Pending status, and the original submitter
did not respond within 14 days (the time period specified by
the administrator of this Tracker).

----------------------------------------------------------------------

Comment By: IOhannes m zmlnig (zmoelnig)
Date: 2009-11-30 09:03

Message:
submitted with r18215

thanks

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=478070&aid=2838114&group_id=55736




More information about the Pd-dev mailing list