Check!

On Nov 18, 2017 8:52 AM, "Thank you" <ow...@bugs.debian.org> wrote:
Your message dated Sat, 18 Nov 2017 16:18:11 +0100
with message-id <20171118151811.zmc3avxjwvqml...@dinghy.sail.spinnaker.de>
has caused the report #882022,
regarding fig2dev: buffer underwrite in get_line()
to be marked as having been forwarded to the upstream software
author(s) Thomas Loimer

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
882022: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882022
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

---------- Forwarded message ----------
From: Roland Rosenfeld <rol...@spinnaker.de>
To: Thomas Loimer <thomas.loi...@tuwien.ac.at>
Cc: 882022-forwar...@bugs.debian.org
Bcc:
Date: Sat, 18 Nov 2017 16:18:11 +0100
Subject: Bug#882022: fig2dev: buffer underwrite in get_line()

Hi Thomas!

I'm not sure whether a string length of 0 or 1 can really happen
here, but you're deeper in the code than me...

----- Forwarded message from Jakub Wilk <jw...@jwilk.net> -----

From: Jakub Wilk <jw...@jwilk.net>
Subject: Bug#882022: fig2dev: buffer underwrite in get_line()
To: sub...@bugs.debian.org
Date: Fri, 17 Nov 2017 19:00:56 +0100
Reply-To: Jakub Wilk <jw...@jwilk.net>, 882...@bugs.debian.org

Package: fig2dev
Version: 1:3.2.6a-6

The get_line() function in fig2dev/read.c does this:

    len = strlen(buf);
    buf[len-1] = '\0';          /* strip trailing newline */
    if (buf[len-2] == '\r')
        buf[len-2] = '\0';      /* strip any trailing CRs */
    return 1;

If the string length is 0 (or 1 in some cases), this writes outside
the buffer.

--
Jakub Wilk

----- End forwarded message -----

Tschoeeee

Roland
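
A bounds-checked form of the end-of-line stripping described in the report, as an added example: this is not fig2dev's code or the upstream fix. `strip_eol` and `check_line` are hypothetical names, and the sample lines are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* strip_eol (hypothetical helper, not in fig2dev): drop one trailing
 * '\n' and any trailing '\r' without ever indexing before buf[0].
 * Unlike the reported code it checks that the last byte really is a
 * newline before overwriting it. Returns the new length. */
size_t strip_eol(char *buf)
{
    size_t len = strlen(buf);

    /* len == 0: there is no buf[len - 1]; leave the string alone. */
    if (len > 0 && buf[len - 1] == '\n')
        buf[--len] = '\0';
    /* len is re-tested each pass, so "\n" and "\r\n" end up empty
     * instead of reading buf[-1]. */
    while (len > 0 && buf[len - 1] == '\r')
        buf[--len] = '\0';
    return len;
}

/* Copy a constructed sample line behind a guard byte and report whether
 * the guard survived and the result matches. The guard is '\r': the
 * reported code would zero it for len 0, and for len 1 because the
 * byte before the buffer compares equal to '\r'. */
int check_line(const char *line, const char *expected)
{
    char mem[64] = { '\r' };    /* mem[0] is the guard, rest zeroed */
    char *buf = mem + 1;

    strncpy(buf, line, sizeof(mem) - 2);
    strip_eol(buf);
    return mem[0] == '\r' && strcmp(buf, expected) == 0;
}

int main(void)
{
    /* Constructed inputs: empty, lone newline, CRLF, normal line. */
    const char *in[]  = { "", "\n", "\r\n", "2 1 0 1\r\n" };
    const char *out[] = { "", "",   "",     "2 1 0 1" };

    for (size_t i = 0; i < sizeof(in) / sizeof(in[0]); i++)
        printf("case %zu: %s\n", i, check_line(in[i], out[i]) ? "ok" : "FAIL");
    return 0;
}
```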