Hi,

On Mon, 2007-06-11 at 09:29:37 -0700, H. S. Teoh wrote:
> Package: dpkg
> Version: 1.14.4
> Severity: normal
>
> Looks like there's some missing input sanitising in dpkg's command-line
> processing:
>
> % dpkg -l \* \*
> Segmentation fault
>
> I haven't looked in detail at what causes this. On one of my systems,
> something like `dpkg -l cupsys \*` also segfaults, although it didn't on
> this system. Running dpkg with two literal *'s causes segfaults on both
> systems.
>
> This probably should be fixed, in case there's an obscure security hole
> somewhere in there. Note that this happens when running both as non-root
> or as root.

This happens on the qsort in src/query.c (listpackages), when it does an
out-of-bounds access on the pkgf array. The problem is due to that function
allocating a pkginfo structure with the size of all current packages, and
when using '*' '*', it needs double the spaces.

I'll fix this later. (Funny that I was staring at this function two few
ago, and was pondering rewriting the allocating/sorting stuff a bit to
resemble showpackages, which would have fixed this problem as a side
effect :)

thanks,
guillem
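The sizing mistake the reply describes (an array with one slot per installed package, filled once per pattern match, so two patterns that each match everything need twice the space) is easy to reproduce in miniature. The following C program is an added illustration of that bug class and its fix; it is not dpkg's src/query.c. The package list, the function names `list_naive`, `list_fixed` and `fill_matches`, and the use of `fnmatch(3)` for glob matching are all assumptions made for the example. Rather than actually writing past the end of the buffer, the naive version reports the overflow and returns -1, which is what an allocation sized by the true upper bound (patterns times packages, with duplicates removed after sorting) avoids.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <fnmatch.h>

/* Constructed sample "package database"; not dpkg's real package list. */
static const char *const packages[] = { "zlib1g", "dpkg", "apt", "libc6", "cupsys" };
#define NPACKAGES (sizeof(packages) / sizeof(packages[0]))

static int cmp_name(const void *a, const void *b)
{
    return strcmp(*(const char *const *)a, *(const char *const *)b);
}

/* Shared matching loop: append every package matching every pattern to
 * pkgf, refusing to write past cap. Returns the count, or -1 if the
 * buffer would have been overrun (the out-of-bounds access in the report). */
static long fill_matches(const char *const *patterns, int npatterns,
                         const char **pkgf, size_t cap)
{
    size_t n = 0;
    for (int p = 0; p < npatterns; p++)
        for (size_t i = 0; i < NPACKAGES; i++)
            if (fnmatch(patterns[p], packages[i], 0) == 0) {
                if (n >= cap)
                    return -1;          /* would write out of bounds */
                pkgf[n++] = packages[i];
            }
    return (long)n;
}

/* Undersized allocation: one slot per package, although every pattern
 * can match every package. '*' '*' needs 2 * NPACKAGES slots. */
long list_naive(const char *const *patterns, int npatterns)
{
    const char **pkgf = malloc(NPACKAGES * sizeof *pkgf);
    if (!pkgf)
        return -1;
    long n = fill_matches(patterns, npatterns, pkgf, NPACKAGES);
    if (n >= 0)
        qsort(pkgf, (size_t)n, sizeof *pkgf, cmp_name);
    free(pkgf);
    return n;
}

/* Fixed: size the array by the real upper bound (patterns * packages),
 * sort, then drop the duplicates that overlapping patterns produce.
 * Writes up to outcap unique sorted names into out; returns the unique count. */
long list_fixed(const char *const *patterns, int npatterns,
                const char **out, size_t outcap)
{
    size_t cap = (size_t)npatterns * NPACKAGES;
    const char **pkgf = malloc((cap ? cap : 1) * sizeof *pkgf);
    if (!pkgf)
        return -1;
    long n = fill_matches(patterns, npatterns, pkgf, cap);  /* cannot overflow now */
    size_t uniq = 0;
    if (n > 0) {
        qsort(pkgf, (size_t)n, sizeof *pkgf, cmp_name);
        for (long i = 0; i < n; i++)
            if (i == 0 || strcmp(pkgf[i], pkgf[i - 1]) != 0) {
                if (uniq < outcap)
                    out[uniq] = pkgf[i];
                uniq++;
            }
    }
    free(pkgf);
    return (long)uniq;
}

int main(void)
{
    const char *const args[] = { "*", "*" };   /* the reported `dpkg -l \* \*` case */
    const char *names[16];
    printf("naive: %ld (-1 means the buffer would have overflowed)\n",
           list_naive(args, 2));
    long n = list_fixed(args, 2, names, 16);
    printf("fixed: %ld unique packages\n", n);
    for (long i = 0; i < n; i++)
        printf("  %s\n", names[i]);
    return 0;
}
```

Sizing the buffer by the number of packages alone is correct only when patterns are disjoint; the single pattern `*` fits, while `cupsys *` (the other command in the report) already needs one slot more than there are packages. Counting or bounding matches before allocating, and deduplicating after the sort, removes the dependency on what the user typed.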

