[Bug 1915866] Re: non-blocking items from MIR of iniparser: tests, 1 byte stack overflow
Dan Bungert
1915866 at bugs.launchpad.net
Tue Mar 2 21:44:17 UTC 2021
This patch addresses both items.
** Summary changed:
- build does not run tests in test/ directory
+ non-blocking items from MIR of iniparser: tests, 1 byte stack overflow
** Description changed:
+ The following changes were requested as part of the MIR of libiniparser:
+
+ 1) build does not run tests in test/ directory Edit
+
The top level makefile contains a target 'check' which runs the tests
under the test/ directory, but the 'check' target is not run during the
build (and make is not run for the test/ directory manually either).
Probably dh_auto_test should be overridden to also run 'make check' in
the debian/rules file.
+
+ 2) cherry-pick patch for 1-byte stack buffer overflow
+
+ - During build gcc outputs the following warning:
+ src/iniparser.c: In function ‘iniparser_load’:
+ src/iniparser.c:791:32: warning: ‘__builtin___sprintf_chk’ may write a terminating nul past the end of the destination [-Wformat-overflow=]
+ - This happens at the following code:
+
+ sprintf(tmp, "%s:%s", section, key);
+
+ In this case, where tmp, section and key are declared as:
+
+ char section [ASCIILINESZ+1] ;
+ char key [ASCIILINESZ+1] ;
+ char tmp [(ASCIILINESZ * 2) + 1] ;
+
+ As such, at most section and key are both ASCIILINESZ plus 1 colon
+ separator fills then entire tmp buffer and leaves no space for a
+ terminating NUL - so this looks like a real bug which could result in
+ a 1-byte stack buffer overflow. This has already been fixed upstream
+ in
+ https://github.com/ndevilla/iniparser/commit/2412f165bcfde4ad8e3426fd59f2a920492b8c19
+ so this patch should be integrated into our package.
** Patch added: "lp1915866+lp1913321-v2.patch"
https://bugs.launchpad.net/ubuntu/+source/iniparser/+bug/1915866/+attachment/5472025/+files/lp1915866+lp1913321-v2.patch
https://bugs.launchpad.net/bugs/1915866
Title:
non-blocking items from MIR of iniparser: tests, 1 byte stack overflow
Status in iniparser package in Ubuntu:
In Progress
Bug description:
The following changes were requested as part of the MIR of
libiniparser:

1) build does not run tests in test/ directory

The top level makefile contains a target 'check' which runs the tests
under the test/ directory, but the 'check' target is not run during
the build (and make is not run for the test/ directory manually
either).
Probably dh_auto_test should be overridden to also run 'make check' in
the debian/rules file.

2) cherry-pick patch for 1-byte stack buffer overflow

- During build gcc outputs the following warning:

    src/iniparser.c: In function ‘iniparser_load’:
    src/iniparser.c:791:32: warning: ‘__builtin___sprintf_chk’ may write a terminating nul past the end of the destination [-Wformat-overflow=]

- This happens at the following code:

    sprintf(tmp, "%s:%s", section, key);

In this case, where tmp, section and key are declared as:

    char section [ASCIILINESZ+1] ;
    char key [ASCIILINESZ+1] ;
    char tmp [(ASCIILINESZ * 2) + 1] ;

As such, at most section and key are both ASCIILINESZ plus 1 colon
separator fills the entire tmp buffer and leaves no space for a
terminating NUL - so this looks like a real bug which could result in
a 1-byte stack buffer overflow. This has already been fixed upstream
in
https://github.com/ndevilla/iniparser/commit/2412f165bcfde4ad8e3426fd59f2a920492b8c19
so this patch should be integrated into our package.
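
The size arithmetic from item 2, worked through as an added example (not code from the bug report, the attached patch, or upstream iniparser). It shows that a worst-case "section:key" needs one byte more than tmp provides, and one way to bound the write with snprintf. The value of ASCIILINESZ and the helper names joined_size, join_section_key and worst_case_check are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

#define ASCIILINESZ 1024   /* assumed value; the report does not state it */

/* Bytes needed to hold "section:key", terminating NUL included. */
size_t joined_size(const char *section, const char *key)
{
    return strlen(section) + 1 /* ':' */ + strlen(key) + 1 /* NUL */;
}

/* Bounded stand-in for sprintf(tmp, "%s:%s", section, key).
 * Returns 0 on success, -1 if the result does not fit in dst. */
int join_section_key(char *dst, size_t dstsz,
                     const char *section, const char *key)
{
    int n = snprintf(dst, dstsz, "%s:%s", section, key);
    return (n < 0 || (size_t)n >= dstsz) ? -1 : 0;
}

/* Fill buf with n filler characters and terminate it (constructed input). */
static void fill(char *buf, size_t n)
{
    memset(buf, 'a', n);
    buf[n] = '\0';
}

/* Worst case from the report: section and key both ASCIILINESZ long.
 * Returns 1 when the reported tmp size is short by exactly one byte
 * and a buffer one byte larger holds the full string. */
int worst_case_check(void)
{
    char section[ASCIILINESZ + 1], key[ASCIILINESZ + 1];
    char tmp_reported[(ASCIILINESZ * 2) + 1]; /* size quoted in the report */
    char tmp_larger[(ASCIILINESZ * 2) + 2];   /* room for ':' and NUL */

    fill(section, ASCIILINESZ);
    fill(key, ASCIILINESZ);
    return joined_size(section, key) == sizeof tmp_reported + 1
        && join_section_key(tmp_reported, sizeof tmp_reported, section, key) == -1
        && join_section_key(tmp_larger, sizeof tmp_larger, section, key) == 0
        && strlen(tmp_larger) == (size_t)ASCIILINESZ * 2 + 1;
}

int main(void)
{
    printf("worst case check: %s\n", worst_case_check() ? "ok" : "FAILED");
    return 0;
}
```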