[patch] Gtcd buffer overrun



On Fri, May 15, 1998 at 05:02:27AM +0100, Nuno Ferreira wrote:

[clip]
> gnome-media:
> gtcd corrupts server name. Just play around with properties, edit and goto
> and then press CDDB. The hostname will be corrupted but it's still correct
> in  properties.
> 
[clip]

Ok, now I've found it. It was a buffer overrun, an array is being created
with size=255 and 256 bytes are being copied.
Patch appended.

-- 
Nuno Ferreira
nmrf@rnl.ist.utl.pt
? tcd.diff
Index: Makefile.am
===================================================================
RCS file: /debian/home/gnomecvs/gnome-media/tcd/Makefile.am,v
retrieving revision 1.10
diff -u -r1.10 Makefile.am
--- Makefile.am	1998/05/14 17:47:02	1.10
+++ Makefile.am	1998/05/16 06:35:42
@@ -34,7 +34,7 @@
 
 gtcd_LDADD = 	$(GNOME_LIBDIR) \
 		$(GNOMEUI_LIBS) \
-		$(INTLLIBS)
+		$(INTLLIBS) -lefence
 
 tcd_LDADD = -lm -lncurses
 
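Review bot: The `-lefence` added to gtcd_LDADD looks like a debugging leftover from tracking down the overrun, not part of the fix. Linking Electric Fence unconditionally makes every build of gtcd depend on libefence being installed and run under its allocator. Suggest dropping this hunk and leaving `$(INTLLIBS)` as it was, or enabling the extra library only through a configure-time debug option.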
Index: gcddb.c
===================================================================
RCS file: /debian/home/gnomecvs/gnome-media/tcd/gcddb.c,v
retrieving revision 1.8
diff -u -r1.8 gcddb.c
--- gcddb.c	1998/05/08 03:35:29	1.8
+++ gcddb.c	1998/05/16 06:35:43
@@ -91,12 +91,12 @@
 	start_id = gtk_signal_connect (GTK_OBJECT (startbutton), "clicked",
 		GTK_SIGNAL_FUNC(do_cddb), NULL);
 
-	snprintf( tmp, 256, "Server: %s:%d\n", props.cddb, props.cddbport );
+	snprintf( tmp, 255, "Server: %s:%d\n", props.cddb, props.cddbport );
         tmplabel = gtk_label_new(tmp);
 	gtk_box_pack_start( GTK_BOX(infobox), tmplabel, FALSE, TRUE, 0 );
 	if( props.use_http )
 	{
-		snprintf( tmp, 256, "HTTP %s Enabled\n", 
+		snprintf( tmp, 255, "HTTP %s Enabled\n", 
 			props.use_proxy?"and Proxy":"" );
 	        tmplabel = gtk_label_new(tmp);
 		gtk_box_pack_start( GTK_BOX(infobox), tmplabel, FALSE, TRUE, 0 );
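Review bot: Both snprintf calls still hard-code the bound (now 255) separately from the declaration of tmp, which is not visible in this hunk, so the same off-by-one can come back the next time either number changes. If tmp is a local array in this function, `snprintf( tmp, sizeof(tmp), ... )` ties the bound to the declaration; otherwise a single #define used for both the declaration and the two calls would do the same job. A long props.cddb is also silently truncated in the label, which is fine for display but worth a short comment.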

