[eso-midas] 01/01: Fix copy loop termination in prim/table/libsrc/tbmerge.c

Ole Streicher olebole at moszumanska.debian.org
Fri Apr 3 15:42:41 UTC 2015 

This is an automated email from the git hooks/post-receive script.

olebole pushed a commit to branch debian
in repository eso-midas.

commit 03c06b750ec58301da7e6f29e5f9b1edecccb061
Author: Ole Streicher <debian at liska.ath.cx>
Date:   Fri Apr 3 17:42:34 2015 +0200

    Fix copy loop termination in prim/table/libsrc/tbmerge.c
---
 debian/patches/fix_tbmerge_c.patch | 35 +++++++++++++++++++++++++++++++++++
 debian/patches/series              |  1 +
 2 files changed, 36 insertions(+)

diff --git a/debian/patches/fix_tbmerge_c.patch b/debian/patches/fix_tbmerge_c.patch
new file mode 100644
index 0000000..c920f9f
--- /dev/null
+++ b/debian/patches/fix_tbmerge_c.patch
@@ -0,0 +1,35 @@
+Author: Ole Streicher <olebole at debian.org>
+Description: Fix copy loop termination in prim/table/libsrc/tbmerge.c
+ The loop  that was fixed looks somehow weird, however: they seem to have
+ no (resp. not a really useful) effect; no idea what their intention is.
+ .
+ This crash appeared on i386, but not on x86_64:
+ .
+  ERROR: AddressSanitizer: stack-buffer-overflow on address 0xffba392d at pc 0x80657a2 bp 0xffba2e98 sp 0xffba2e8c
+  READ of size 1 at 0xffba392d thread T0
+    #0 0x80657a1 in tbl_merge prim/table/libsrc/tbmerge.c:266
+    #1 0x804bfec in tk_cexec prim/edit/libsrc/tkeys.c:204
+    #2 0x804b54b in main prim/table/src/tdatatbl.c:107
+    #3 0xf6f64722 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x19722)
+    #4 0x804b93f (prim/exec/tdatatbl.exe+0x804b93f)
+ .
+  Address 0xffba392d is located in stack of thread T0 at offset 2621 in frame
+    #0 0x806446f in tbl_merge prim/table/libsrc/tbmerge.c:68
+
+  This frame has 32 object(s):
+    [32, 36) 'kuni'
+   [...]
+    [2336, 2416) 'texto'
+    [2464, 2621) 'linesel' <== Memory access at offset 2621 overflows this variable
+
+--- a/prim/table/libsrc/tbmerge.c
++++ b/prim/table/libsrc/tbmerge.c
+@@ -261,7 +261,7 @@
+            while (len>80)
+            {
+             	ii = 0;
+-            	while (linesel[ii]) 
++            	while (linesel[ii+80])
+ 	    		{
+ 			linesel[ii] = linesel[ii+80];
+ 			ii++;    		    
diff --git a/debian/patches/series b/debian/patches/series
index 1a861fc..bf88f21 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -38,3 +38,4 @@ fix_mid_rdldb.patch
 fix_statis_for.patch
 fix_selechar_c.patch
 fix_esoext_i8flag.patch
+fix_tbmerge_c.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-astro/packages/eso-midas.git

More information about the debian-science-commits mailing list