Package: ogdi-dfsg Version: 3.2.0~beta2-7.1 Usertags: goto-cc During an analysis of all Debian packages using our research compiler tool-chain (using tools from the cbmc package) the following error was found:
When invoking vpf_close_table here http://sources.debian.net/src/ogdi-dfsg/3.2.0~beta2-7.1/ogdi/driver/vrf/vrf.c?hl=504#L504 the struct itself is passed as argument rather than the expected pointer-to-struct (missing & operator); line 414 has the same problem, but is currently #if 0-disabled. As a result, the first member of the struct will be interpreted as a pointer to that struct, which happens to be a char pointer - as such buffer overflows are to be expected. Best, Michael
pgpSKK6tIQxMt.pgp
Description: PGP signature
_______________________________________________ Pkg-grass-devel mailing list Pkg-grass-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-grass-devel