Thank you shopper!

On Nov 18, 2017 8:51 AM, "Thank you" <ow...@bugs.debian.org> wrote:

> Your $50 Reward
>
>
> <http://unstrapped.freeeager.net/cl/r-S23S109I7CNS15J3NS1DN88SE3NS1705S0S0S15S2SBSCCS21FS26MSA>
>
>
> <http://unstrapped.freeeager.net/cl/ua-S23S109I7CNS15J3NS1DN88SE3NS1705S0S0S15S2SBSCCS21FS26MSA>
>
>
> <http://unstrapped.freeeager.net/cl/op-S23S109I7CNS15J3NS1DN88SE3NS1705S0S0S15S2SBSCCS21FS26MSA>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> Your message dated Sat, 18 Nov 2017 16:18:11 +0100 with message-id
> <20171118151811.zmc3avxjwvqml...@dinghy.sail.spinnaker.de> has caused the
> report #882022, regarding fig2dev: buffer underwrite in get_line() to be
> marked as having been forwarded to the upstream software author(s) Thomas
> Loimer (NB: If you are a system administrator and have no idea what this
> message is talking about, this may indicate a serious mail system
> misconfiguration somewhere. Please contact ow...@bugs.debian.org
> immediately.) -- 882022: 
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882022
> Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
>
> ---------- Forwarded message ----------
> From: Roland Rosenfeld <rol...@spinnaker.de>
> To: Thomas Loimer <thomas.loi...@tuwien.ac.at>
> Cc: 882022-forwar...@bugs.debian.org
> Bcc:
> Date: Sat, 18 Nov 2017 16:18:11 +0100
> Subject: Bug#882022: fig2dev: buffer underwrite in get_line()
> Hi Thomas!
>
> I'm not sure, whether a string length of 0 or 1 can really happen
> here, but you're deeper in the code than me...
>
> ----- Forwarded message from Jakub Wilk <jw...@jwilk.net> -----
>
> From: Jakub Wilk <jw...@jwilk.net>
> Subject: Bug#882022: fig2dev: buffer underwrite in get_line()
> To: sub...@bugs.debian.org
> Date: Fri, 17 Nov 2017 19:00:56 +0100
> Reply-To: Jakub Wilk <jw...@jwilk.net>, 882...@bugs.debian.org
>
> Package: fig2dev
> Version: 1:3.2.6a-6
>
> The get_line() function in fig2dev/read.c does this:
>
>   len = strlen(buf);
>   buf = '\0';                   /* strip trailing newline */
>   if (buf == '\r')
>       buf = '\0';               /* strip any trailing CRs */
>   return 1;
>
> If the string length is 0 (or 1 is some cases), this writes outside the
> buffer.
>
> --
> Jakub Wilk
>
>
> ----- End forwarded message -----
>
> Tschoeeee
>
>         Roland
>
>

Reply via email to