
This queue is for tickets about the AI-MegaHAL CPAN distribution.

Report information
The Basics
Id: 43883
Status: open
Priority: 0/
Queue: AI-MegaHAL

People
Owner: Nobody in particular
Requestors: vpit [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: Normal
Broken in: 0.07
Fixed in: (no value)

Attachments


Subject: Buffer overflow leading to crashes on 64 bits arch when loading a brain
Hi,

On my 64-bit system, I get the following warning when compiling:

In function ‘fread’,
    inlined from ‘load_dictionary’ at libmegahal.c:1388,
    inlined from ‘load_model’ at libmegahal.c:2018,
    inlined from ‘load_personality’ at libmegahal.c:3291,
    inlined from ‘change_personality’ at libmegahal.c:3340:
/usr/include/bits/stdio2.h:285: warning : call to ‘__fread_chk_warn’ declared with attribute warning: fread called with bigger size * nmemb than length of destination buffer

The module also aborts violently when loading a brain file (e.g. when running the testsuite twice).

The attached patch fixes the warning and the crashes.

Vincent.
Subject: libmegahal-load-size.patch
--- libmegahal.c 2008-01-24 18:21:24.000000000 +0100 +++ libmegahal.c 2009-03-05 17:44:03.000000000 +0100 @@ -1383,7 +1383,7 @@ void load_dictionary(FILE *file, DICTIONARY *dictionary) { unsigned int i; - int size; + BYTE4 size; fread(&size, sizeof(BYTE4), 1, file); progress("Loading dictionary", 0, 1);
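
Review bot: the `fread(&size, sizeof(BYTE4), 1, file);` call in load_dictionary still ignores its return value, so a truncated or empty brain file leaves `size` uninitialised before it is used; check that the call returns 1 and bail out of the load otherwise. Writing the length as `sizeof(size)` instead of `sizeof(BYTE4)` would keep the read tied to the destination's declared type, which is exactly the mismatch the `__fread_chk_warn` warning in the report flagged. That warning also implies `sizeof(BYTE4)` is larger than `sizeof(int)` on the reporter's 64-bit build, so the width of this on-disk field follows the platform's `BYTE4`; it is worth confirming whether that typedef should be a fixed 32-bit type so brain files load the same way on 32-bit and 64-bit systems. Since `size` comes straight from the file, a sanity bound on it before it drives any allocation or loop would be a sensible addition in the same function.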
Thanks so much for the patch!

