Package: dpkg
Version: 1.15.8
Severity: important
Tags: patch
User: [email protected]
Usertags: origin-ubuntu ubuntu-patch maverick
t-ar overflows arh.ar_name by two bytes: one because the string it uses
is 17 bytes long rather than 16, and one because it uses strcpy which
writes a trailing \0. When compiling with -D_FORTIFY_SOURCE=2, as
Ubuntu does by default, this crashes. Fix the string length and stop
null-terminating it.
---
lib/dpkg/test/t-ar.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/dpkg/test/t-ar.c b/lib/dpkg/test/t-ar.c
index c7cfd88..4093995 100644
--- a/lib/dpkg/test/t-ar.c
+++ b/lib/dpkg/test/t-ar.c
@@ -29,11 +29,11 @@ test_ar_normalize_name(void)
{
struct ar_hdr arh;
- strcpy(arh.ar_name, "member-name/ ");
+ strncpy(arh.ar_name, "member-name/ ", sizeof(arh.ar_name));
dpkg_ar_normalize_name(&arh);
test_str(arh.ar_name, ==, "member-name");
- strcpy(arh.ar_name, "member-name ");
+ strncpy(arh.ar_name, "member-name ", sizeof(arh.ar_name));
dpkg_ar_normalize_name(&arh);
test_str(arh.ar_name, ==, "member-name");
}
--
1.7.1
--
Colin Watson [[email protected]]
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
