Package: dpkg Version: 1.9.21 Severity: normal Tags: patch The following patch fixes a off by one error in dpkg. It reads one past the allocated buffer.
I discovered it using valgrind, <URL:http://developer.kde.org/~sewardj/>. --- lib/parsehelp.c.orig Sun May 26 19:24:23 2002 +++ lib/parsehelp.c Sun May 26 19:22:34 2002 @@ -214,7 +214,7 @@ } else { rversion->epoch= 0; } - rversion->version= nfstrnsave(string,end-string+1); + rversion->version= nfstrnsave(string,end-string); hyphen= strrchr(rversion->version,'-'); if (hyphen) *hyphen++= 0; rversion->revision= hyphen ? hyphen : ""; -- System Information Debian Release: 3.0 Architecture: i386 Kernel: Linux diskless 2.4.18-686 #2 Wed Mar 20 20:21:31 EST 2002 i686 Locale: LANG=C, LC_CTYPE=no_NO Versions of packages dpkg depends on: ii libc6 2.2.5-6 GNU C Library: Shared libraries an ii libncurses5 5.2.20020112a-7 Shared libraries for terminal hand ii libstdc++2.10-glibc2.2 1:2.95.4-7 The GNU stdc++ library -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
