Package: simulavr
Version: 0.1.2.2-6.1
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu lucid ubuntu-patch

In Ubuntu, we've applied the attached patch to achieve the following:

  * src/{eeprom,flash,memory}.c: fix possible buffer overflow detected by
    FORTIFY_SOURCE, see http://savannah.nongnu.org/bugs/?29049
  * Add missing ${misc:Depends} to binary package dependencies.

We thought you might be interested in doing the same.

-- System Information:
Debian Release: squeeze/sid
  APT prefers lucid
  APT policy: (500, 'lucid')
Architecture: i386 (i686)

Kernel: Linux 2.6.31-20-generic (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

diff -u simulavr-0.1.2.2/debian/control simulavr-0.1.2.2/debian/control --- simulavr-0.1.2.2/debian/control +++ simulavr-0.1.2.2/debian/control @@ -8,7 +8,7 @@ Package: simulavr Architecture: any -Depends: ${shlibs:Depends} +Depends: ${shlibs:Depends}, ${misc:Depends} Recommends: xterm, gcc-avr, binutils-avr Description: Atmel AVR simulator simulavr simulates the Atmel AVR family of micro-controllers, only in patch2: unchanged: --- simulavr-0.1.2.2.orig/src/eeprom.c +++ simulavr-0.1.2.2/src/eeprom.c @@ -392,7 +392,7 @@ line[0] = '\0'; } snprintf (buf, 80, "%02x ", storage_readb (eeprom->stor, i)); - strncat (line, buf, 80); + strncat (line, buf, 80 - strlen(line) - 1); } if (dup > 0) { only in patch2: unchanged: --- simulavr-0.1.2.2.orig/src/memory.c +++ simulavr-0.1.2.2/src/memory.c @@ -416,7 +416,7 @@ line[0] = '\0'; } snprintf (buf, 80, "%02x ", mem_read (mem, i)); - strncat (line, buf, 80); + strncat (line, buf, 80 - strlen(line) - 1); } if (dup > 0) { only in patch2: unchanged: --- simulavr-0.1.2.2.orig/src/flash.c +++ simulavr-0.1.2.2/src/flash.c @@ -252,7 +252,7 @@ line[0] = '\0'; } snprintf (buf, 80, "%04x ", flash_read (flash, i)); - strncat (line, buf, 80); + strncat (line, buf, 80 - strlen(line) - 1); } if (dup > 0) {
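
Review bot: In the src/eeprom.c hunk, the new bound `80 - strlen(line) - 1` hard-codes the size of `line`, whose declaration is outside the visible context, so the reader cannot confirm from the hunk that 80 is the destination's real size. If `line` is an array in scope at this point, `sizeof(line) - strlen(line) - 1` would tie the bound to the declaration and keep it correct if the buffer is ever resized. The same literal 80 is also used for `buf` in the `snprintf (buf, 80, ...)` call directly above, which makes the two sizes easy to confuse.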
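
Review bot: In the src/memory.c hunk, `strncat (line, buf, 80 - strlen(line) - 1)` silently drops whatever does not fit once `line` is full, so a dump line could come out short with no indication. If the surrounding loop is meant to flush `line` before it can fill, a short comment stating that invariant would help. The subtraction is also evaluated in size_t, so it wraps to a very large count should strlen(line) ever reach 80; checking the remaining space before the call would make that case explicit rather than relying on the buffer never being full.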
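
Review bot: The src/flash.c hunk repeats, character for character, the length arithmetic already changed in eeprom.c and memory.c, and three copies of the same bound are easy to let drift apart. A single bounded-append helper shared by the three dump routines would keep the calculation in one place. Note that this copy appends `"%04x "` (five characters per entry) where the other two append `"%02x "` (three), so the line fills faster here and is the case most worth checking against the 80-byte limit.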