Your message dated Sat, 26 Nov 2011 10:14:44 -0800
with message-id <[email protected]>
and subject line Re: Bug#649506: nickle 2.71-1 fixes _FORTIFY_SOURCE crash
has caused the Debian Bug report #649506,
regarding nickle: crashes due to -D_FORTIFY_SOURCE=2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
649506: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=649506
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: nickle
Version: 2.70-1
Severity: normal
Tags: patch
User: [email protected]
Usertags: origin-ubuntu precise ubuntu-patch

Dear Maintainer,

In Ubuntu, the attached patch was applied to achieve the following:

Nickle was crashing because eglibc's strcpy was aborting when the
destination string was 0-length.  (This check is enabled by
-D_FORTIFY_SOURCE=2).

The recommended fix for such errors is to use strncpy instead of strcpy.

The attached patch makes that change; thanks for considering it.

This is Ubuntu bug https://launchpad.net/bugs/721636


-- System Information:
Debian Release: wheezy/sid
  APT prefers precise-updates
  APT policy: (500, 'precise-updates'), (500, 'precise-security'), (500, 'precise')
Architecture: i386 (i686)

Kernel: Linux 3.1.0-2-generic-pae (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- nickle-2.70.orig/string.c
+++ nickle-2.70/string.c
@@ -246,7 +246,7 @@
     Value   ret;
 
     ret = NewString (strlen (str));
-    strcpy (StringChars (&ret->string), str);
+    strncpy (StringChars (&ret->string), str, ret->string.length);
     RETURN (ret);
 }
 

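Review bot: the bound in `+    strncpy (StringChars (&ret->string), str, ret->string.length);` is the character count, so whenever strlen(str) equals ret->string.length the call copies the characters and never writes a terminating '\0', leaving the new string unterminated for every later strlen or printf on it; if NewString reserves length + 1 bytes, memcpy(StringChars(&ret->string), str, ret->string.length + 1) copies the terminator along with the characters. The abort the report describes fired on a 0-length destination, and for that case the patched call simply copies zero bytes, which silences the check without writing the terminator and without changing the size the fortified call believes the destination has; the struct layout behind StringChars is what needs fixing, not the copy routine.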
--- End Message ---
--- Begin Message ---
Package: nickle
Version: 2.71-1

On Sat, 26 Nov 2011 08:46:20 -0800, Kamal Mostafa <[email protected]> wrote:

> The crash is resolved by nickle 2.71-1 (it works fine even with
> _FORTIFY_SOURCE).
> 
> Michael Terry's strncpy patch is still probably a good idea though, so
> leaving this bug open for maintainer review.

No, strncpy is wrong -- it doesn't copy the trailing '\0' byte. You
could use memcpy (adding one to length) if desired, but I don't see the
point; the code already 'trusts' the incoming string length.

In any case, the root cause of the bug was fixed by using 0-length
arrays at the end of various structs for variable-sized allocations.

-- 
[email protected]

Attachment: pgpbKqqJTnCNr.pgp
Description: PGP signature


--- End Message ---
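To make the two points of this thread concrete, the reporter's observation that fortified strcpy aborts on a 0-length destination and the reply's point that strncpy bounded by the length does not copy the trailing '\0' whereas memcpy of length + 1 does, here is an added C example that is not nickle's code. It assumes a constructed string object, StrObj, with a length field and a trailing flexible array member standing in for the 0-length trailing arrays the reply mentions; str_new, str_from_strncpy, str_from_memcpy, str_is_terminated and str_chars_match are names invented for the example.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Constructed string object, not nickle's: a length field followed by a
 * variable-sized tail of characters. A C99 flexible array member plays the
 * role of the 0-length trailing arrays the reply describes. */
typedef struct {
    size_t length;   /* number of characters, not counting the '\0' */
    char   chars[];  /* allocated with length + 1 bytes */
} StrObj;

/* Allocate room for len characters plus the terminator. */
static StrObj *str_new(size_t len)
{
    StrObj *s = malloc(sizeof *s + len + 1);
    if (s == NULL)
        return NULL;
    s->length = len;
    /* Poison the terminator slot so a copy that skips it is observable;
     * real heap memory would simply hold whatever was there before. */
    s->chars[len] = 'X';
    return s;
}

/* Variant A (the Ubuntu patch): strncpy bounded by the character count.
 * strncpy only appends '\0' when the source is shorter than the bound, so
 * with bound == strlen(src) it writes the characters and nothing else.
 * For src == "" it writes zero bytes, which is exactly the case that
 * stops the fortify abort while still leaving chars[0] unwritten. */
static StrObj *str_from_strncpy(const char *src)
{
    StrObj *s = str_new(strlen(src));
    if (s == NULL)
        return NULL;
    strncpy(s->chars, src, s->length);
    return s;
}

/* Variant B (the reply's suggestion): memcpy length + 1 bytes, which
 * carries the source's terminator into the new object. */
static StrObj *str_from_memcpy(const char *src)
{
    StrObj *s = str_new(strlen(src));
    if (s == NULL)
        return NULL;
    memcpy(s->chars, src, s->length + 1);
    return s;
}

/* 1 if chars[length] holds the terminator, 0 if the copy left it unwritten. */
static int str_is_terminated(const StrObj *s)
{
    return s->chars[s->length] == '\0';
}

/* 1 if the first length characters match src, independent of termination. */
static int str_chars_match(const StrObj *s, const char *src)
{
    return strlen(src) == s->length && memcmp(s->chars, src, s->length) == 0;
}
```

Both variants produce the same characters; only the memcpy variant guarantees the terminator, and the empty-string input shows why the strncpy change could stop the abort the report describes while leaving the string unterminated. Sizing the trailing array correctly in the struct, as the reply says the 2.71 fix did, is what lets a fortified strcpy see a destination large enough to hold the terminator.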