Package: make Version: 4.2.1-1.1 Severity: important Dear Maintainer,
we are using dependency files when static linking .a file build with ar -U. I noticed that some libraries failed with "no rule to make target xxx.a(yyy.o)" which would change when I moved the o-files around within the lib. It did not happen with the upstream make-4.2.1 tar-ball By bisecting the patches applied I found a patch to arscan.c to be the culprit. Around line 669 of the patched arscan.c file it reads: int name_off = atoi (name + 1); if (name_off < 1 || name_off > ARNAME_MAX) goto invalid; name = namemap + name_off; I recon name_off is a pointer index which is added to the namemap pointer. In this case, the check for name length violation does/should not apply here, or must be safeguarded differently. Removing the if let us compile again. -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'testing'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.17.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8), LANGUAGE=de_DE.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Init: systemd (via /run/systemd/system) Versions of packages make depends on: ii libc6 2.27-5 make recommends no packages. Versions of packages make suggests: pn make-doc <none> -- no debconf information -------------------------------------------------------------------------------------------------------------------------------------------- Philipp Wolski - KISTERS AG - Haselriege 13 - 26125 Oldenburg - Germany Handelsregister Aachen, HRB-Nr. 7838 | Vorstand: Klaus Kisters, Hanns Kisters | Aufsichtsratsvorsitzender: Dr. Thomas Klevers Phone: +49 441 93602 -158 | Fax: +49 441 93602 -222 | E-Mail: philipp.wol...@kisters.de | WWW: http://www.kisters.de -------------------------------------------------------------------------------------------------------------------------------------------- Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet. This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorised copying, disclosure or distribution of the material in this e-mail is strictly forbidden.