Bugzilla – Full Text Bug Listing

| Summary: | libkexif-0.2.2-3: 4 * array subscript out of range | | |
|---|---|---|---|
| Product: | [openSUSE] SUSE LINUX 10.0 | Reporter: | David Binderman <dcb314> |
| Component: | Basesystem | Assignee: | Dirk Mueller <dmueller> |
| Status: | RESOLVED FIXED | QA Contact: | E-mail List <qa-bugs> |
| Severity: | Minor | | |
| Priority: | P5 - None | CC: | meissner |
| Version: | unspecified | | |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | SuSE Linux 10.1 | | |
| Whiteboard: | | | |
| Found By: | Other | Services Priority: | |
| Business Priority: | | Blocker: | --- |
| Marketing QA Status: | --- | IT Deployment: | --- |
Description:

I just tried to compile package libkexif-0.2.2-3 with a non-standard version of the GNU C compiler. It said

1. ./libkexif/kexifdata.cpp:228: warning: array subscript out of range

   The source code is

   ```cpp
   char val[1024];
   exif_entry_get_value(entry, val, 1023);
   // just in case we don't get a null-terminated string
   val[1024] = '\0';
   ```

   Suspect broken code. Suggest code rework.

2. ./libkexif/kexifdata.cpp:252: warning: array subscript out of range
   ./libkexif/kexifdata.cpp:271: warning: array subscript out of range
   ./libkexif/kexifentry.cpp:106: warning: array subscript out of range

   Duplicates.

Comment 1

actually -> kde-maintainers

Comment 2

where did you get that compiler from?

Comment 3

(In reply to comment #2)
> where did you get that compiler from?

my local GNU site + some local modifications by me. See http://gcc.gnu.org/bugzilla/show_bug.cgi?id=8268

If only I could figure out how to apply the patch, valid for gcc 3.4, onto gcc 4.0 ...

Comment 4

thanks. I'm working on a gcc patch.

Comment 5

Fix submitted - not security relevant as you can only overwrite off by one with a zero byte.

Comment 6

(In reply to comment #4)
> thanks. I'm working on a gcc patch.

Hurrah!

> fix submitted - not security relevant as
> you can only overwrite off by one with a zero byte.

I'm sorry, I don't understand this bit. Are you saying that it's ok to write one past the end of the array, if and only if you are writing a zero byte?

Comment 7

It's not okay - still causing stack corruption. But it's not influenceable by malcrafted images. It happens always. As such, I don't think it has security implications. It's fixed both upstream and in our package. Closing again.
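As an added illustration, not code from the libkexif package or from anyone in this thread, the pattern flagged in the description is shown beside a corrected form. The `FakeEntry` type, the `fake_entry_get_value()` stand-in (assumed, like libexif's `exif_entry_get_value()`, to write at most `maxlen-1` characters plus a terminating NUL) and the `demo_*` functions are all assumptions of this example; the corrected caller simply terminates at index `N-1`, the last valid element of `char val[N]`.

```cpp
#include <cstddef>
#include <cstring>
#include <string>

// Stand-in for an EXIF entry: constructed for this example, not libexif's ExifEntry.
struct FakeEntry {
    std::string raw;
};

// Stand-in for libexif's exif_entry_get_value(). Assumption: like the real one,
// it writes at most maxlen-1 characters plus a terminating NUL, so the NUL
// lands at index <= maxlen-1 and never past the caller's buffer.
static const char *fake_entry_get_value(const FakeEntry *entry, char *val, unsigned int maxlen) {
    if (maxlen == 0) return val;
    std::size_t n = entry->raw.size();
    if (n > maxlen - 1) n = maxlen - 1;
    std::memcpy(val, entry->raw.data(), n);
    val[n] = '\0';
    return val;
}

// The pattern from the report, reproduced as a comment only, because executing
// it is undefined behaviour (a one-byte write past the end of a stack array):
//
//   char val[1024];
//   exif_entry_get_value(entry, val, 1023);
//   val[1024] = '\0';   // char val[1024] has indices 0..1023; 1024 is past the end
//
// Corrected form: the "just in case" terminator goes at N-1, the last valid
// index. The buffer size is a template parameter so the index is derived from
// the declaration instead of being retyped by hand (where 1023 vs 1024 slipped).
template <std::size_t N>
std::string get_value_fixed(const FakeEntry *entry) {
    static_assert(N >= 2, "buffer must hold at least one character plus NUL");
    char val[N];
    fake_entry_get_value(entry, val, static_cast<unsigned int>(N - 1));
    val[N - 1] = '\0';   // in bounds: highest valid index of val is N-1
    return std::string(val);
}

// Demo with constructed inputs. A short value survives intact; a value longer
// than the buffer is truncated to N-2 characters (maxlen N-1 leaves one byte
// for the NUL) without ever overrunning the array.
std::string demo_short_value() {
    FakeEntry entry{"Canon"};                      // constructed sample value
    return get_value_fixed<1024>(&entry);          // "Canon"
}

std::size_t demo_truncated_length() {
    FakeEntry entry{std::string(100, 'x')};        // constructed: 100 bytes of 'x'
    return get_value_fixed<16>(&entry).size();     // 14
}
```

The thread's observation that the corruption "happens always" is also what makes it easy to catch before shipping: the original `val[1024] = '\0'` store is a deterministic stack-buffer overflow, so a build with `-fsanitize=address` reports it on the first call rather than only when a particular image is processed.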