This patch addresses both items. ** Summary changed:
- build does not run tests in test/ directory + non-blocking items from MIR of iniparser: tests, 1 byte stack overflow ** Description changed: + The following changes were requested as part of the MIR of libiniparser: + + 1) build does not run tests in test/ directory Edit + The top level makefile contains a target 'check' which runs the tests under the test/ directory, but the 'check' target is not run during the build (and make is not run for the test/ directory manually either). Probably dh_auto_test should be overridden to also run 'make check' in the debian/rules file. + + 2) cherry-pick patch for 1-byte stack buffer overflow + + - During build gcc outputs the following warning: + src/iniparser.c: In function ‘iniparser_load’: + src/iniparser.c:791:32: warning: ‘__builtin___sprintf_chk’ may write a terminating nul past the end of the destination [-Wformat-overflow=] + - This happens at the following code: + + sprintf(tmp, "%s:%s", section, key); + + In this case, where tmp, section and key are declared as: + + char section [ASCIILINESZ+1] ; + char key [ASCIILINESZ+1] ; + char tmp [(ASCIILINESZ * 2) + 1] ; + + As such, at most section and key are both ASCIILINESZ plus 1 colon + separator fills then entire tmp buffer and leaves no space for a + terminating NUL - so this looks like a real bug which could result in + a 1-byte stack buffer overflow. This has already been fixed upstream + in + https://github.com/ndevilla/iniparser/commit/2412f165bcfde4ad8e3426fd59f2a920492b8c19 + so this patch should be integrated into our package. ** Patch added: "lp1915866+lp1913321-v2.patch" https://bugs.launchpad.net/ubuntu/+source/iniparser/+bug/1915866/+attachment/5472025/+files/lp1915866+lp1913321-v2.patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1915866 Title: non-blocking items from MIR of iniparser: tests, 1 byte stack overflow To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iniparser/+bug/1915866/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
