Package: mxt-app
Version: 1.27-1
Severity: serious
Tags: sid + patch
Justification: FTBFS
User: debian-m...@lists.debian.org
Usertags: mips-patch
Hi,
Package mxt-app FTBFS on 32bit architectures with following error:
make --no-print-directory check-TESTS
FAIL: run-unit-tests
====================================
mxt-app 1.27: ./test-suite.log
====================================
# TOTAL: 1
# PASS: 0
# SKIP: 0
# XFAIL: 0
# FAIL: 1
# XPASS: 0
# ERROR: 0
.. contents:: :depth: 2
FAIL: run-unit-tests
====================
[==========] Running 1 test(s).
[ RUN ] mxt_convert_hex_test
0x1a != 0
src/test/test_utilfuncs.c:65: error: Failure!
[ FAILED ] mxt_convert_hex_test
[==========] 1 test(s) run.
[ PASSED ] 0 test(s).
[ FAILED ] 1 test(s), listed below:
[ FAILED ] mxt_convert_hex_test
1 FAILED TEST(S)
FAIL run-unit-tests (exit status: 1)
build logs:
https://buildd.debian.org/status/fetch.php?pkg=mxt-app&arch=mips&ver=1.27-1&stamp=1465527085
https://buildd.debian.org/status/fetch.php?pkg=mxt-app&arch=mipsel&ver=1.27-1&stamp=1465521348
https://buildd.debian.org/status/fetch.php?pkg=mxt-app&arch=i386&ver=1.27-1&stamp=1464327106
The test is failing because of the undefined behaviour of strcpy() when dest
buffer is smaller than src buffer.
Bug is in mxt_convert_hex_test function in /src/test/test_utilfuncs.c file.
Destination buffer (hex) is 4 bytes, and on strcpy(hex, "0FAB"); there is no
space left to copy the null terminator.
The attached patch resolves buffer owerflow.
Patch is tested on i386, amd64, mips, mipsel, mips64el.
Earlier version was successfully built on 32bit architectures because there
were no tests.
Thank you!
Regards,
Daniel
--- mxt-app-1.27.orig/src/test/test_utilfuncs.c
+++ mxt-app-1.27/src/test/test_utilfuncs.c
@@ -43,7 +43,7 @@ void mxt_convert_hex_test(void **state)
{
/* test setup */
uint8_t databuf[5] = {0};
- char hex[4];
+ char hex[5];
uint16_t count;
int ret;
