tag 582401 pending
thanks

Hello,

Bug #582401 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

    http://git.debian.org/?p=dpkg/dpkg.git;a=commitdiff;h=db0b70b

---
commit db0b70bc26ec6f81242e4c34ae30cae81af8d3d1
Author: Colin Watson <[email protected]>
Date:   Thu May 20 15:38:41 2010 +0100

    lib/dpkg/test/t-ar.c: fix buffer overflow in ar test
    
    t-ar overflows arh.ar_name by two bytes: one because the string it uses
    is 17 bytes long rather than 16, and one because it uses strcpy which
    writes a trailing \0.  When compiling with -D_FORTIFY_SOURCE=2, as
    Ubuntu does by default, this crashes.  Fix the string length and stop
    null-terminating it.

diff --git a/debian/changelog b/debian/changelog
index ab981b9..e70fe2a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -14,6 +14,9 @@ dpkg (1.15.8) UNRELEASED; urgency=low
   * Clarify description of dpkg --configure in dpkg(1). Thanks to Colin Watson
     for the patch and to Robert Persson for the report.
     Closes: #582406 LP: #77287
+  * Fix the non-regression test lib/dpkg/test/t-ar.c by not overflowing the
+    size of ar_name. Thanks to Colin Watson for the report, analysis and patch.
+    Closes: #582401
 
   [ Guillem Jover ]
   * Require gettext 0.18:
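Review bot: the added entry's phrase "by not overflowing the size of ar_name" is imprecise, since it is the ar_name field that gets written past, not its size. The commit message above is more exact (a 17-byte string plus the trailing \0 from strcpy written into arh.ar_name), so wording such as "by not writing past the end of ar_name" would match it. Also, the only hunk visible in this message touches debian/changelog; the lib/dpkg/test/t-ar.c change that the entry and the commit message describe is not shown here, so the fix itself cannot be checked from this diff.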




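The class of bug the commit message describes, filling a fixed-width ar header name that is not NUL-terminated, shown as an added C example; it is not part of the original message and is not dpkg's code. The `demo_ar_hdr` struct, the helper names and the sample strings are constructed for illustration, assuming the 16-byte `ar_name` width the commit message gives.

```c
#include <stdio.h>
#include <string.h>

#define AR_NAME_LEN 16  /* ar_name width stated in the commit message */

/* Constructed stand-in for the start of an ar member header. */
struct demo_ar_hdr {
    char ar_name[AR_NAME_LEN];  /* space-padded, no trailing NUL */
    char ar_date[12];           /* neighbour that an overflow would hit */
};

/* Bytes strcpy() would write for s: every character plus the trailing NUL. */
size_t strcpy_write_len(const char *s)
{
    return strlen(s) + 1;
}

/*
 * Bounded fill: refuse names longer than the field, pad with spaces,
 * and copy only the characters, never a terminator.
 * Returns 0 on success, -1 if the name does not fit.
 */
int set_ar_name(struct demo_ar_hdr *h, const char *name)
{
    size_t len = strlen(name);

    if (len > sizeof(h->ar_name))
        return -1;
    memset(h->ar_name, ' ', sizeof(h->ar_name));
    memcpy(h->ar_name, name, len);
    return 0;
}

int main(void)
{
    const char *too_long = "0123456789abcdefg";  /* constructed, 17 chars */
    const char *exact = "0123456789abcdef";      /* constructed, 16 chars */
    struct demo_ar_hdr h;

    memset(&h, 'X', sizeof(h));
    printf("strcpy would write %zu bytes into a %zu-byte field\n",
           strcpy_write_len(too_long), sizeof(h.ar_name));
    printf("17-char name: %d\n", set_ar_name(&h, too_long));
    printf("16-char name: %d\n", set_ar_name(&h, exact));
    printf("ar_date untouched: %s\n", h.ar_date[0] == 'X' ? "yes" : "no");
    return 0;
}
```
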