On Sunday 21 February 2010, Alexander Neundorf wrote:

>CMake 2.8.1 RC 3 is ready to try:

>http://www.cmake.org/files/v2.8/?C=M;O=D

>Please try your projects with it.

I need the attached patch to compile it with fortify checks (check for static
buffer overflows) enabled. The CPU descriptions are simply longer than the
allocated buffer, and the tar part is overwriting two fields with one command.

Greetings,
Dirk
--- Source/kwsys/SystemInformation.cxx
+++ Source/kwsys/SystemInformation.cxx
@@ -152,7 +152,7 @@
 
 public:
 #define VENDOR_STRING_LENGTH    (12 + 1)
-#define CHIPNAME_STRING_LENGTH    (48 + 1)
+#define CHIPNAME_STRING_LENGTH    (70 + 1)
 #define SERIALNUMBER_STRING_LENGTH  (29 + 1)
 
   typedef struct tagID
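Review bot: The new value 70 in CHIPNAME_STRING_LENGTH is an unexplained magic number, and raising the define only moves the limit. Nothing in this hunk bounds the write into the chip-name buffer, so a description longer than 70 characters would trip the same fortify check again. Please add a comment saying where 70 comes from, and consider limiting the copy at the write site to CHIPNAME_STRING_LENGTH - 1 with explicit NUL termination so the buffer size no longer has to track the longest known CPU string.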
--- Utilities/cmtar/encode.c
+++ Utilities/cmtar/encode.c
@@ -32,7 +32,10 @@
   int i, sum = 0;
 
   if (t->options & TAR_GNU)
-    strncpy(t->th_buf.magic, "ustar  ", 8);
+  {
+    strncpy(t->th_buf.version, "  ", TVERSLEN);
+    strncpy(t->th_buf.magic, "ustar", TMAGLEN);
+  }
   else
   {
     strncpy(t->th_buf.version, TVERSION, TVERSLEN);
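Review bot: In the TAR_GNU branch the two new strncpy calls do not reproduce the bytes the removed line wrote. The old call stored "ustar", two spaces and a NUL across 8 bytes starting at magic. The new code stores "ustar" into magic, which strncpy pads with NULs up to TMAGLEN, and two spaces into version. If TMAGLEN is larger than 5, as the old 8-byte copy spilling into version suggests, the byte after "ustar" changes from a space to NUL and the trailing NUL in version becomes a space, so readers matching the old GNU magic may stop recognising the header. To keep the layout while staying inside each field, copy "ustar " (with the trailing space) into magic with TMAGLEN and a single space into version with TVERSLEN, letting strncpy supply the NUL padding. A short comment that the GNU variant intentionally differs from the TVERSION/TMAGIC branch would also help.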
_______________________________________________
Kde-buildsystem mailing list
Kde-buildsystem@kde.org
https://mail.kde.org/mailman/listinfo/kde-buildsystem
