[Reproducible-commits] [dpkg] 11/25: libdpkg: Swap deb name and member name in dpkg_ar_member_get_size()
Holger Levsen
holger at layer-acht.org
Tue May 3 08:43:54 UTC 2016
This is an automated email from the git hooks/post-receive script.
holger pushed a commit to annotated tag 1.16.16
in repository dpkg.
commit 2ddedea45a1e6ae2deb6e0d52aabcf2007430dfe
Author: Guillem Jover <guillem at debian.org>
Date: Sun May 11 08:11:22 2014 +0200
libdpkg: Swap deb name and member name in dpkg_ar_member_get_size()
Cherry picked from commit 9274fe071004f02dcd64eba5f40b342e40bc2fd1.
Otherwise we might perform an out of bounds buffer read access in the
error output on bogus member sizes.
---
debian/changelog | 2 ++
lib/dpkg/ar.c | 2 +-
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/debian/changelog b/debian/changelog
index 085b498..211fff4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -7,6 +7,8 @@ dpkg (1.16.15+nmu1) UNRELEASED; urgency=low
* Do not leak color string on «dselect --color».
* Fix memory leaks when parsing alternatives.
* Fix memory leaks in buffer_copy() on error conditions.
+ * Fix possible out of bounds buffer read access in the error output on
+ bogus ar member sizes.
[ Updated scripts translations ]
* Fix typos in German (Helge Kreutzmann)
diff --git a/lib/dpkg/ar.c b/lib/dpkg/ar.c
index 3c07a59..d11a030 100644
--- a/lib/dpkg/ar.c
+++ b/lib/dpkg/ar.c
@@ -65,7 +65,7 @@ dpkg_ar_member_get_size(const char *ar_name, struct ar_hdr *arh)
if (*str < '0' || *str > '9')
ohshit(_("invalid character '%c' in archive '%.250s' "
"member '%.16s' size"),
- *str, arh->ar_name, ar_name);
+ *str, ar_name, arh->ar_name);
size *= 10;
size += *str++ - '0';
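Review bot: In the ohshit() call, the read of arh->ar_name is bounded only because the argument now lines up with the '%.16s' conversion. Nothing ties that precision to the size of the header field, and since both arguments are char pointers the compiler's format checking cannot catch the same swap if it recurs. Consider passing the width explicitly, for example "member '%.*s' size" with (int)sizeof(arh->ar_name), arh->ar_name, so the bound follows the field. Separately, *str is printed with '%c' directly from the bogus size field, so a non-printable byte reaches the error output raw; printing it as a hex value would be safer for terminals and logs. A regression test that feeds a member header with a non-digit size would keep the argument order from silently regressing.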
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/dpkg.git