[Bug 1915866] Re: non-blocking items from MIR of iniparser: tests, 1 byte stack overflow
Launchpad Bug Tracker
1915866 at bugs.launchpad.net
Wed Mar 17 15:14:18 UTC 2021
This bug was fixed in the package iniparser - 4.1-4ubuntu2
---------------
iniparser (4.1-4ubuntu2) hirsute; urgency=medium
  * Genericize long int tests to accommodate where sizeof(long int) != 8
    (LP: #1918456)
iniparser (4.1-4ubuntu1) hirsute; urgency=medium
  * Change tests so that a test failure will stop the build (LP: #1915866)
  * Improvements to build steps such that objects from test get cleaned up
  * Incorporate upstream commit 2412f165bcfde4ad8e3426fd59f2a920492b8c19 from
    PR #104 to address likely 1 byte stack buffer overflow
    (thanks Edik Ponomarenko)
 -- Dan Bungert <daniel.bungert at canonical.com>  Tue, 16 Mar 2021 11:42:53 -0600
** Changed in: iniparser (Ubuntu)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to iniparser in Ubuntu.
Matching subscriptions: foundations-bugs-with-comments
https://bugs.launchpad.net/bugs/1915866
Title:
non-blocking items from MIR of iniparser: tests, 1 byte stack overflow
Status in iniparser package in Ubuntu:
Fix Released
Bug description:
The following changes were requested as part of the MIR of
libiniparser:
1) build does not run tests in test/ directory
The top level makefile contains a target 'check' which runs the tests
under the test/ directory, but the 'check' target is not run during
the build (and make is not run for the test/ directory manually
either).
Probably dh_auto_test should be overridden to also run 'make check' in
the debian/rules file.
2) cherry-pick patch for 1-byte stack buffer overflow
- During build gcc outputs the following warning:
    src/iniparser.c: In function ‘iniparser_load’:
    src/iniparser.c:791:32: warning: ‘__builtin___sprintf_chk’ may write a terminating nul past the end of the destination [-Wformat-overflow=]
- This happens at the following code:
    sprintf(tmp, "%s:%s", section, key);
In this case, where tmp, section and key are declared as:
    char section [ASCIILINESZ+1] ;
    char key [ASCIILINESZ+1] ;
    char tmp [(ASCIILINESZ * 2) + 1] ;
As such, at most section and key are both ASCIILINESZ plus 1 colon
separator fills the entire tmp buffer and leaves no space for a
terminating NUL - so this looks like a real bug which could result in
a 1-byte stack buffer overflow. This has already been fixed upstream
in
https://github.com/ndevilla/iniparser/commit/2412f165bcfde4ad8e3426fd59f2a920492b8c19
so this patch should be integrated into our package.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/iniparser/+bug/1915866/+subscriptions
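The sizing problem described in the bug, as an added example (not code from iniparser, the upstream commit, or the Ubuntu package): it computes how many bytes the reported sprintf needs for worst-case inputs and shows a bounded join that rejects the input instead of writing past tmp. The ASCIILINESZ value and the helper names join_checked, worst_case, overrun and bounded_join are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

#define ASCIILINESZ 1024                      /* assumed; the report gives no value */
#define TMP_REPORTED ((ASCIILINESZ * 2) + 1)  /* sizeof tmp as declared in the report */

/* Hypothetical helper: 0 on success, -1 if dst cannot hold "section:key" plus NUL. */
static int join_checked(char *dst, size_t dstsz, const char *section, const char *key)
{
    int n = snprintf(dst, dstsz, "%s:%s", section, key);
    if (n < 0 || (size_t)n >= dstsz) {
        if (dstsz > 0) dst[0] = '\0';         /* never hand back a truncated key */
        return -1;
    }
    return 0;
}

/* Constructed worst case: section and key are both ASCIILINESZ characters long. */
static void worst_case(char *section, char *key)
{
    memset(section, 's', ASCIILINESZ); section[ASCIILINESZ] = '\0';
    memset(key, 'k', ASCIILINESZ);     key[ASCIILINESZ] = '\0';
}

/* Bytes the original sprintf would write past the end of a tmp of tmpsz bytes. */
static size_t overrun(size_t tmpsz)
{
    char section[ASCIILINESZ + 1], key[ASCIILINESZ + 1];
    worst_case(section, key);
    size_t need = (size_t)snprintf(NULL, 0, "%s:%s", section, key) + 1; /* + NUL */
    return need > tmpsz ? need - tmpsz : 0;
}

/* Outcome of the bounded join for the worst case with a tmp of tmpsz bytes. */
static int bounded_join(size_t tmpsz)
{
    char section[ASCIILINESZ + 1], key[ASCIILINESZ + 1], tmp[TMP_REPORTED + 1];
    worst_case(section, key);
    return tmpsz > sizeof tmp ? -1 : join_checked(tmp, tmpsz, section, key);
}

int main(void)
{
    printf("overrun with reported tmp: %zu byte(s)\n", overrun(TMP_REPORTED));
    printf("bounded join: reported tmp %d, one byte larger %d\n",
           bounded_join(TMP_REPORTED), bounded_join(TMP_REPORTED + 1));
    return 0;
}
```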