On Mon, Feb 24, 2014 at 12:58:33PM +0000, Gianfranco Costamagna wrote:
> On Sunday 23 February 2014 10:39, Bart Martens <ba...@debian.org> wrote:
> >1. The patch makes the program use one additional position of the memory
> >pointed to by buf. Are you sure that there will be no buffer overflow for any
> >value of name without replacing 14 by 15 in the allocation ?
> I don't see any particular issues there.

I couldn't follow your reasoning, so I took a closer look at the source code
myself. I agree now that there is no added risk for a buffer overflow because
/dev/ + 1 character is still smaller than /dev/cdroms/ .

> >2. The package has a high popcon. Have you thoroughly tested the resulting
> >package ? I would feel more comfortable if you would confirm that on bug
> >719110.
> >
>
> This is something I cannot really deeply test

That answers my question. I'll test this myself before uploading. I see now
that it's possible to test this on Debian by renaming /dev/cdrom to /dev/cdrom3
or so.

Regards,

Bart Martens