** Tags added: regression-update

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to file in Ubuntu.
https://bugs.launchpad.net/bugs/1835596

Title:
  incorrect argument to file_printable in [PATCH] PR/62

Status in file package in Ubuntu:
  Confirmed

Bug description:
  In the last patch below

  +From d65781527c8134a1202b2649695d48d5701ac60b Mon Sep 17 00:00:00 2001
  +From: Christos Zoulas <chris...@zoulas.com>
  +Date: Mon, 18 Feb 2019 17:46:56 +0000
  +Subject: [PATCH] PR/62: spinpx: limit size of file_printable.

  +===================================================================
  +--- file-5.32.orig/src/readelf.c     2019-03-13 12:38:58.854781641 -0400
  ++++ file-5.32/src/readelf.c  2019-03-13 12:39:43.450945506 -0400
  +@@ -725,7 +725,7 @@ do_core_note(struct magic_set *ms, unsig
  +                     if (file_printf(ms, ", from '%.31s', pid=%u, uid=%u, "
  +                         "gid=%u, nlwps=%u, lwp=%u (signal %u/code %u)",
  +                         file_printable(sbuf, sizeof(sbuf),
  +-                        CAST(char *, pi.cpi_name)),
  ++                        RCAST(char *, pi.cpi_name), sizeof(pi.cpi_name)),
  +                         elf_getu32(swap, pi.cpi_pid),
  +                         elf_getu32(swap, pi.cpi_euid),
  +                         elf_getu32(swap, pi.cpi_egid),
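
Review bot: In the file_printable call for pi.cpi_name, sizeof(pi.cpi_name) is the field length only if cpi_name is declared as an array member; that declaration is not visible in this hunk and should be confirmed, because the second hunk uses the same sizeof pattern on interp. The CAST to RCAST switch on the same line is unrelated to the size limit and should be explained in the commit message or split out.
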
  +@@ -1564,7 +1564,8 @@ dophn_exec(struct magic_set *ms, int cla
  +             return -1;
  +     if (interp[0])
  +             if (file_printf(ms, ", interpreter %s",
  +-                file_printable(ibuf, sizeof(ibuf), interp)) == -1)
  ++                file_printable(ibuf, sizeof(ibuf), interp, sizeof(interp)))
  ++                    == -1)
  +                     return -1;
  +     return 0;
  + }
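
Review bot: sizeof(interp) in the added file_printable call is the buffer length only if interp is an array in dophn_exec; its declaration is not in this hunk, and if it is a char * this passes the pointer size (8 on x64, 4 on 32-bit) as slen and truncates the interpreter string. Pass the length of the buffer that interp points to, or a bound taken from the data actually read, instead of sizeof on the pointer.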

  sizeof(interp) is passed to file_printable as the `slen' parameter. Since interp is of type `char *', sizeof(interp) will be a constant value of 8 or 4 for different pointer types; this makes the `interpreter' extraction for ELF files limited to 8 bytes under x64.

  An example of this, under Ubuntu 18.04:
  $ file /bin/dash
  /bin/dash: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/l, for GNU/Linux 3.2.0, BuildID[sha1]=a783260e3a5fe0afdae77417eea7fbf8d645219e, stripped

  Notice that the interpreter portion is `/lib64/l', which is 8 bytes long and only a part of the actual interpreter path.

  The `slen' parameter here should be something like `sizeof(char) * length_of_buffer' instead of sizeof(char *).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/file/+bug/1835596/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
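
The truncation described in the bug report above, reproduced as an added example (not code from the file package or from the report). printable() is a simplified, hypothetical stand-in for file_printable, and the interpreter path is a constructed sample.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for file_printable(buf, bufsiz, str, slen): copies at
 * most slen bytes of str into buf, replacing non-printable bytes with '?'.
 * The replacement rule is an assumption; only the slen bound matters here. */
static char *printable(char *buf, size_t bufsiz, const char *str, size_t slen)
{
    size_t i;

    if (bufsiz == 0)
        return buf;
    for (i = 0; i < slen && i + 1 < bufsiz && str[i] != '\0'; i++)
        buf[i] = isprint((unsigned char)str[i]) ? str[i] : '?';
    buf[i] = '\0';
    return buf;
}

/* Pattern from the report: interp is a char *, so sizeof(interp) is the
 * pointer size (8 on x64, 4 on 32-bit), not the length of the buffer. */
static char *show_buggy(char *out, size_t outsz, const char *interp)
{
    return printable(out, outsz, interp, sizeof(interp));
}

/* Corrected pattern: the caller that owns the buffer passes its length. */
static char *show_fixed(char *out, size_t outsz, const char *interp,
    size_t interp_len)
{
    return printable(out, outsz, interp, interp_len);
}

/* Constructed sample input, not taken from the report. */
static const char sample_interp[64] = "/lib64/ld-linux-x86-64.so.2";
static char out_buggy[128], out_fixed[128];

int main(void)
{
    printf("buggy: interpreter %s\n",
        show_buggy(out_buggy, sizeof(out_buggy), sample_interp));
    printf("fixed: interpreter %s\n",
        show_fixed(out_fixed, sizeof(out_fixed), sample_interp,
            sizeof(sample_interp)));
    return 0;
}
```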
