Package: libgcgi-dev
Severity: important
Tags: upstream

Dear Maintainer,

I have found a crashing bug in libgcgi, when used with Ubuntu 14.04, compiling with either gcc 4.8.4 or clang 3.4. The bug appears when handling form data with the multipart/form-data encoding. To demonstrate the bug, compile from source on the target system, and try running examples/gcgiFileUploadTest. The programme will terminate with a segfault. I expect the same outcome on any reasonably modern system. Compiling with -O0 allows the application to run, but either -O1 or -O2 shows the segfault.

The bug seems to be due to a mistake in src/mime.c, around line 442 in mimeParseContentDescription. The line

    for(q=text, *q != '\r' && q < offest; p++);

is clearly wrong, and should be

    for(q=text; *q != '\r' && q < offset; q++);

The original leads to heap corruption, which causes a crash much later in unrelated parts of the code. I don't know if the defect is exploitable beyond denial of service.

I can provide a minimal patch (the one byte change above), and a more extensive patch to clean up most of the other compiler warnings from clang 3.4.

-- System Information:
Debian Release: jessie/sid
  APT prefers trusty-updates
  APT policy: (500, 'trusty-updates'), (500, 'trusty-security'), (500, 'trusty'), (100, 'trusty-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-38-generic (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
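As an added illustration, not code from the report or from libgcgi itself, the following standalone C program models the header-scanning loop the report discusses: the corrected loop exactly as the reporter proposes it, next to a variant that tests the bound before dereferencing. The function names, the constructed header buffer and the offset values are assumptions made for this example; how the real mimeParseContentDescription uses q and offset is not shown on the page.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/*
 * Standalone model of the header-scanning loop from the bug report.
 * This is NOT libgcgi's code: the buffer, the function names and the
 * return values are assumptions made for the illustration.
 *
 * The defective line as quoted in the report,
 *     for(q=text, *q != '\r' && q < offest; p++);
 * parses in C as: init = "q = text, (*q != '\r' && q < offest)" (the
 * comparison runs once and its result is discarded), condition = empty
 * (always true), increment = "p++". q is never advanced by the loop at
 * all. That form is shown only in this comment and is not executed here.
 */

/* Constructed sample input: a Content-Description header terminated by
 * CRLF, followed by a second header line. */
static const char sample[] =
    "Content-Description: upload\r\nContent-Type: text/plain\r\n";

/* The loop as proposed in the report. Returns the number of bytes scanned
 * before the first '\r' or before reaching offset.
 * Caveat: *q is dereferenced before q < offset is tested, so when no '\r'
 * occurs before offset, the byte at offset itself is read once. */
static size_t scan_to_cr_as_patched(const char *text, const char *offset)
{
    const char *q;
    for (q = text; *q != '\r' && q < offset; q++)
        ;
    return (size_t)(q - text);
}

/* Same scan with the bound tested first: never reads at or past offset. */
static size_t scan_to_cr_bounded(const char *text, const char *offset)
{
    const char *q;
    for (q = text; q < offset && *q != '\r'; q++)
        ;
    return (size_t)(q - text);
}

int main(void)
{
    const char *end = sample + strlen(sample);

    /* Whole buffer: both stop at the first '\r' after the header value. */
    printf("patched: %zu bytes\n", scan_to_cr_as_patched(sample, end));
    printf("bounded: %zu bytes\n", scan_to_cr_bounded(sample, end));

    /* Bound tighter than the first '\r': both stop at offset. */
    printf("offset at 10: %zu / %zu\n",
           scan_to_cr_as_patched(sample, sample + 10),
           scan_to_cr_bounded(sample, sample + 10));
    return 0;
}
```

On the constructed buffer both functions return 27 (the length of "Content-Description: upload") when given the whole buffer, and 10 when offset is placed at byte 10; the difference between them only matters when the region up to offset contains no '\r', where the bound-first variant avoids touching the byte at offset.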

