Skip Menu |
 

This queue is for tickets about the MusicBrainz-DiscID CPAN distribution.

Report information
The Basics
Id: 98179
Status: new
Priority: 0/
Queue: MusicBrainz-DiscID

People
Owner: Nobody in particular
Requestors: dam [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)

Attachments


From: dam [...] cpan.org
Subject: [PATCH] stack corruption in discid_put
Download (untitled) / with headers
text/plain 1.2k
In Debian we are currently applying the following patch to MusicBrainz-DiscID. We thought you might be interested in it too. Description: stack corruption in discid_put This patch fixes two ways to corrupt the stack. One is by supplying more that 99 offset arguments. The offsets array is declared with space for 100 elements, but the first is reserved for the sectors argument. The patch addresses this by limitting the filling of offsets[] to 99 elements (plus the sectors argument which is in offsets[0]). It relies on libdiscid to return false if the request was for more than 99 offsets. . The second stack corruption is because of a typo in the initialization for() loop. Because of that, the for loop is essentially reduced to "i=100" and the following line (not part of the loop) sets offsets[100], which is beyond the allocated space for the array. Using memset is safer and probably faster. Author: Damyan Ivanov <dmn@debian.org> Bug-Debian: https://bugs.debian.org/758216 The patch is tracked in our Git repository at https://anonscm.debian.org/cgit/pkg-perl/packages/libmusicbrainz-discid-perl.git/plain/debian/patches/stack-corruption-discid_put.patch Thanks for considering, Damyan Ivanov, Debian Perl Group
Here's the patch.

Message body is not shown because sender requested not to inline it.



This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.