Andreas Tille pushed to branch master at Debian Med / sweed
Commits: 715f1afe by Andreas Tille at 2024-12-03T09:27:21+01:00 Catch potential integer overflow to buffer overflow - - - - - 6b932c77 by Andreas Tille at 2024-12-03T09:27:36+01:00 Standards-Version: 4.7.0 (routine-update) - - - - - 33e2e1d7 by Andreas Tille at 2024-12-03T09:29:02+01:00 routine-update: Ready to upload to unstable - - - - - 4 changed files: - debian/changelog - debian/control - + debian/patches/integer_overflow.patch - debian/patches/series Changes: ===================================== debian/changelog ===================================== @@ -1,3 +1,12 @@ +sweed (3.2.1+dfsg-6) unstable; urgency=medium + + * Team upload. + * Catch potential integer overflow to buffer overflow + Closes: #1080069 + * Standards-Version: 4.7.0 (routine-update) + + -- Andreas Tille <[email protected]> Tue, 03 Dec 2024 09:28:04 +0100 + sweed (3.2.1+dfsg-5) unstable; urgency=medium * Team upload. ===================================== debian/control ===================================== @@ -4,7 +4,7 @@ Uploaders: Steffen Moeller <[email protected]> Section: science Priority: optional Build-Depends: debhelper-compat (= 13) -Standards-Version: 4.5.0 +Standards-Version: 4.7.0 Vcs-Browser: https://salsa.debian.org/med-team/sweed Vcs-Git: https://salsa.debian.org/med-team/sweed.git Homepage: https://sco.h-its.org/exelixis/web/software/sweed/ ===================================== debian/patches/integer_overflow.patch ===================================== 
@@ -0,0 +1,20 @@ +Description: Catch potential integer overflow to buffer overflow +Bug-Debian: https://bugs.debian.or/1080069 +Author: Andreas Tille <[email protected]> +Last-Update: 2024-12-03 + +--- a/SweeD_Input.c ++++ b/SweeD_Input.c +@@ -3342,7 +3342,11 @@ void readAlignmentMS(FILE *fp, alignment + int i, temp = fscanf(fp,"%*s %d %*s", &alignment->segsites); + + assert(temp==1); +- ++ ++ if (alignment->segsites <= 0 || alignment->segsites > MAXINT / sizeof(int)) { ++ fprintf(stderr, "\n ERROR: Integer overflow in allocation size for positionsInd (alignment->segsites = %d)\n", alignment->segsites); ++ exit(0); ++ } + alignment->positions = malloc(sizeof(float)*alignment->segsites); + alignment->positionsInd = malloc(sizeof(int)*alignment->segsites); + ===================================== debian/patches/series ===================================== @@ -1,3 +1,4 @@ gcc10.patch hardening.patch arm64.patch +integer_overflow.patch View it on GitLab: https://salsa.debian.org/med-team/sweed/-/compare/25f3b0aac0956fafd7a03f958df74ffc01908600...33e2e1d7e2d783970a138b48494d15c1f64031ba -- View it on GitLab: https://salsa.debian.org/med-team/sweed/-/compare/25f3b0aac0956fafd7a03f958df74ffc01908600...33e2e1d7e2d783970a138b48494d15c1f64031ba You're receiving this email because of your account on salsa.debian.org.
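Review bot: In the SweeD_Input.c hunk carried by debian/patches/integer_overflow.patch, the new error branch calls exit(0), so a rejected segsites value ends the program with a success status; use a non-zero status such as exit(1) so that callers and pipelines can detect the failure. The guard also relies on the preceding assert(temp==1), which is compiled out when NDEBUG is defined, so a failed fscanf match would leave alignment->segsites unset by this call before it is compared; an explicit check of temp with its own error path would cover that case. The bound divides by sizeof(int) and the message names only positionsInd, while the first allocation is sized with sizeof(float); bounding by the larger of the two element sizes and wording the message for both arrays would keep both malloc calls covered. In the patch header, the Bug-Debian URL reads bugs.debian.or/1080069, which is missing the final "g" of the host name.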
