This is probably a different but related issue.
If I find time to do so, I'll upload a fixed package soon, but on the
long run, I plan to remove modlogan from the archive, since it is
unmaintained upstream.
---
Hello,
first: sorry for mailing you directly, but as openSUSE user I'm not
too
familiar with the debian bugtracking methods ;-)
I found (and fixed) a buffer overflow in modlogan's
output/modlogan/pic_pie.c. Since upstream development seems to be
dead,
I'm mailing you directly so you can include it in the debian package.
(I also submitted the patch to the maintainer of the (inofficial)
openSUSE package.)
diff -u -p -r modlogan-0.8.13_ORIG//src/output/modlogan/pic_pie.c
modlogan-0.8.13/src/output/modlogan/pic_pie.c
--- modlogan-0.8.13_ORIG//src/output/modlogan/pic_pie.c 2004-03-18
+++ modlogan-0.8.13/src/output/modlogan/pic_pie.c 2009-11-16
@@ -222,7 +222,7 @@ int mplugin_modlogan_create_pie(mconfig
oldx2 = x2;
oldy2 = y2;
- sprintf(numstr, "%%2d%%%% %%.%ds", IM_TEXT_LEN-5);
+ sprintf(numstr, "%%2d%%%% %%.%ds", IM_TEXT_LEN-6);
sprintf(str, numstr, (int)(percent * 100),
graph->pairs[i]->name);
Short description: the buffer will overflow if percent == 100.
Long description: see
https://bugzilla.novell.com/show_bug.cgi?id=517602
(includes a backtrace and a detailed description - ask for a
translation
of the german part if needed).
I also opened a bugreport at sourceforge, but I have no idea if
there's
someone to handle it. For the records:
https://sourceforge.net/support/tracker.php?aid=2904725
BTW: you have modlogan 0.8.13-4, while I only know 0.8.13. Is there a
recent official release I did not find?
Gruß
Christian Boltz
--
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
