Jima wrote:
Simon (et al),
Matt Domsch (who does periodic rebuilds of Fedora packages to offer early
warnings of failures) brought to my attention a couple of warnings
produced during the dnsmasq build process:
http://linux.dell.com/files/fedora/FixBuildRequires/mock-results-core/x86_64/dnsmasq-2.40-1.fc8.src.rpm/result/build.log
Particularly, I think he's concerned with:
dbus.c:115: warning: call to __builtin___memcpy_chk will always overflow
destination buffer
As my C skills are pitiful at best (probably more like "atrocious" by
now), I defer to you. False positive? Very bad thing? Whiny gcc? :-)
Real bug, at worst it will cause a memory overwrite and crash when the
dbus interface is used to set an IPv6 address for a nameserver. In
theory, that might be a security hole, _except_ that an attacker would
already have to be root to use the DBus interface in the first place.
Since there's no security implication, and only very rarely used
functionality is affected, I don't think there's any need to make a
special release. I've fixed the 2.41 tree.
The other warnings are trivial, the deprecated function ones have
already been fixed and I'll do the others just for completeness.
Thanks for passing these on.
Cheers,
Simon.
