[pacman-dev] small libdownload patch

Johannes Krampf Mon, 10 Nov 2008 10:24:52 -0800

Hi,

I've found a small compatibility problem and static checking a minor
buffer overflow in libdownload. Please excuse if this should already
be fixed in git.


Here's the patch, <stdint.h> is included for uintptr_t and fscanf
writes a trailing \0, therefore requiring 1025 bytes in the worst
case:

diff -Naurd libdownload-1.3/common.c libdownload-1.3-mod/common.c
--- libdownload-1.3/common.c    Thu May 24 04:30:59 2007
+++ libdownload-1.3-mod/common.c        Mon Nov 10 18:51:23 2008
@@ -42,6 +42,7 @@
 #include <netdb.h>
 #include <pwd.h>
 #include <stdarg.h>
+#include <stdint.h>
 #include <stdlib.h>
 #include <stdio.h>
 #include <string.h>
@@ -634,7 +635,7 @@
 {
     static char word[1024];

-    if (fscanf(f, " %1024s ", word) != 1)
+    if (fscanf(f, " %1023s ", word) != 1)
         return (NULL);
     return (word);
 }


kind regards

Johannes
_______________________________________________
pacman-dev mailing list
[email protected]
http://archlinux.org/mailman/listinfo/pacman-dev

[pacman-dev] small libdownload patch

Reply via email to