Package: ogdi-dfsg
Version: 3.2.0~beta2-7.1
Usertags: goto-cc

During an analysis of all Debian packages using our research compiler tool-chain
(using tools from the cbmc package) the following error was found:

When invoking vpf_close_table here

the struct itself is passed as argument rather than the expected
pointer-to-struct (missing & operator); line 414 has the same problem, but is
currently #if 0-disabled.

As a result, the first member of the struct will be interpreted as a pointer to
that struct, which happens to be a char pointer - as such buffer overflows are
to be expected.


Attachment: pgpSKK6tIQxMt.pgp
Description: PGP signature

Pkg-grass-devel mailing list

Reply via email to