Package: dpkg Version: 1.15.8 Severity: important Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu ubuntu-patch maverick
t-ar overflows arh.ar_name by two bytes: one because the string it uses is 17 bytes long rather than 16, and one because it uses strcpy which writes a trailing \0. When compiling with -D_FORTIFY_SOURCE=2, as Ubuntu does by default, this crashes. Fix the string length and stop null-terminating it. --- lib/dpkg/test/t-ar.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/dpkg/test/t-ar.c b/lib/dpkg/test/t-ar.c index c7cfd88..4093995 100644 --- a/lib/dpkg/test/t-ar.c +++ b/lib/dpkg/test/t-ar.c @@ -29,11 +29,11 @@ test_ar_normalize_name(void) { struct ar_hdr arh; - strcpy(arh.ar_name, "member-name/ "); + strncpy(arh.ar_name, "member-name/ ", sizeof(arh.ar_name)); dpkg_ar_normalize_name(&arh); test_str(arh.ar_name, ==, "member-name"); - strcpy(arh.ar_name, "member-name "); + strncpy(arh.ar_name, "member-name ", sizeof(arh.ar_name)); dpkg_ar_normalize_name(&arh); test_str(arh.ar_name, ==, "member-name"); } -- 1.7.1 -- Colin Watson [cjwat...@ubuntu.com] -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org