[eso-midas] 02/03: Replace memcpy by strncpy in libsrc/st/scdx.c
Ole Streicher
olebole at moszumanska.debian.org
Tue Mar 31 19:52:43 UTC 2015
This is an automated email from the git hooks/post-receive script.
olebole pushed a commit to branch debian
in repository eso-midas.
commit 52bc53025bb63df28bfcbe516bea4ab943d03968
Author: Ole Streicher <debian at liska.ath.cx>
Date: Tue Mar 31 21:51:25 2015 +0200
Replace memcpy by strncpy in libsrc/st/scdx.c
---
debian/patches/fix_dio.patch | 101 +++++++++++++++++++++++++++++++++++++++++++
debian/patches/series | 1 +
2 files changed, 102 insertions(+)
diff --git a/debian/patches/fix_dio.patch b/debian/patches/fix_dio.patch
new file mode 100644
index 0000000..4a067d5
--- /dev/null
+++ b/debian/patches/fix_dio.patch
@@ -0,0 +1,101 @@
+Author: Ole Streicher <olebole at debian.org>
+Description: Replace memcpy by strncpy in libsrc/st/scdx.c
+ This is needed since the "Help" string there is often less than 71 bytes long,
+ and unconditionally copying overflows the "hkb" buffer during read. This leads
+ to crashes like this:
+ .
+ ERROR: AddressSanitizer: unknown-crash on address 0x7fff8d2bbfc3 at pc 0x7f4b7c4a7252 bp 0x7fff8d2bb3a0 sp 0x7fff8d2bb398
+ READ of size 71 at 0x7fff8d2bbfc3 thread T0
+ #0 0x7f4b7c4a7251 in memcpy /usr/include/x86_64-linux-gnu/bits/string3.h:51
+ #1 0x7f4b7c4a7251 in xSCDHWD libsrc/st/scdx.c:263
+ #2 0x7f4b7c426355 in fitsckw prim/dio/libsrc/fitsckw.c:844
+ #3 0x7f4b7c43cee4 in fitsrhd prim/dio/libsrc/fitsrhd.c:258
+ #4 0x401d78 in main prim/dio/src/infile.c:223
+ #5 0x7f4b7bd53b44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
+ #6 0x4024e2 (prim/exec/infile.exe+0x4024e2)
+ .
+ Address 0x7fff8d2bbfc3 is located in stack of thread T0 at offset 1939 in frame
+ #0 0x7f4b7c43b4af in fitsrhd prim/dio/libsrc/fitsrhd.c:98
+ .
+ This frame has 24 object(s):
+ [32, 36) 'm'
+ [96, 100) 'i'
+ [160, 164) 'n'
+ [224, 228) 'nz'
+ [288, 292) 'mfd'
+ [352, 356) 'mfdt'
+ [416, 420) 'istat'
+ [480, 484) 'dflag'
+ [544, 552) 'unit'
+ [608, 616) 'pc'
+ [672, 680) 'dx'
+ [736, 744) 'dy'
+ [800, 816) 'ff'
+ [864, 880) 'rotang'
+ [928, 980) 'na'
+ [1024, 1080) 'fdd'
+ [1120, 1176) 'fda'
+ [1216, 1272) 'fdb'
+ [1312, 1368) 'fdc'
+ [1408, 2008) 'kw' <== Memory access at offset 1939 partially overflows this variable
+ [2048, 2088) 'outnam'
+ [2144, 2184) 'helptext'
+ [2240, 2320) 'line'
+ [2368, 2488) 'ccunit'
+
+--- a/libsrc/st/scdx.c
++++ b/libsrc/st/scdx.c
+@@ -157,7 +157,7 @@
+ {
+ if (htext[0] != '\0')
+ {
+- (void) memcpy(help,htext,(size_t)71);
++ (void) strncpy(help,htext,(size_t)71);
+ help[71] = '\0';
+ }
+ }
+@@ -260,7 +260,7 @@
+ {
+ if (htext[0] != '\0')
+ {
+- (void) memcpy(help,htext,(size_t)71);
++ (void) strncpy(help,htext,(size_t)71);
+ help[71] = '\0';
+ }
+ }
+@@ -332,7 +332,7 @@
+ {
+ if (htext[0] != '\0')
+ {
+- (void) memcpy(help,htext,(size_t)71);
++ (void) strncpy(help,htext,(size_t)71);
+ help[71] = '\0';
+ }
+ }
+@@ -404,7 +404,7 @@
+ {
+ if (htext[0] != '\0')
+ {
+- (void) memcpy(help,htext,(size_t)71);
++ (void) strncpy(help,htext,(size_t)71);
+ help[71] = '\0';
+ }
+ }
+@@ -471,7 +471,7 @@
+ {
+ if (htext[0] != '\0')
+ {
+- (void) memcpy(help,htext,(size_t)71);
++ (void) strncpy(help,htext,(size_t)71);
+ help[71] = '\0';
+ }
+ }
+@@ -538,7 +538,7 @@
+ {
+ if (htext[0] != '\0')
+ {
+- (void) memcpy(help,htext,(size_t)71);
++ (void) strncpy(help,htext,(size_t)71);
+ help[71] = '\0';
+ }
+ }
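Review bot: Each of the six `strncpy(help,htext,(size_t)71)` replacements (inner hunks at scdx.c 157, 260, 332, 404, 471 and 538) stops the stack over-read only if `htext` is NUL-terminated inside its own buffer, and the following `help[71] = '\0'` still needs `help` to hold at least 72 bytes. Neither declaration is visible because the enclosing functions start and end outside the hunks, so both should be confirmed. The trace shows the source string arriving through the FITS header reader (`fitsrhd` -> `fitsckw` -> `xSCDHWD`), so the assumption deserves a comment at each site, for example `/* htext may be shorter than 71 bytes: strncpy stops at its NUL and zero-pads help */`. The literal 71 is repeated as both copy length and terminator index at every site and would be less error-prone as one named constant. The Description also names the overflowed buffer "hkb" while the AddressSanitizer report flags 'kw' (presumably the enclosing object), which should be stated explicitly.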
diff --git a/debian/patches/series b/debian/patches/series
index 227c2ce..eac6d98 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -28,3 +28,4 @@ fix_txdisplay_c.patch
fix_modgcur_c.patch
fix_thelp_c.patch
qsort.patch
+fix_dio.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-astro/packages/eso-midas.git