On Sunday 21 February 2010, Alexander Neundorf wrote: >CMake 2.8.1 RC 3 is ready to try:
>http://www.cmake.org/files/v2.8/?C=M;O=D >Please try your projects with it. I need the attached patch to compile it with fortify checks (check for static buffer overflows) enabled. the cpu descriptions are simply longer than the allocated buffer, and the tar part is overwriting two fields with one command. Greetings, Dirk
--- Source/kwsys/SystemInformation.cxx +++ Source/kwsys/SystemInformation.cxx @@ -152,7 +152,7 @@ public: #define VENDOR_STRING_LENGTH (12 + 1) -#define CHIPNAME_STRING_LENGTH (48 + 1) +#define CHIPNAME_STRING_LENGTH (70 + 1) #define SERIALNUMBER_STRING_LENGTH (29 + 1) typedef struct tagID --- Utilities/cmtar/encode.c +++ Utilities/cmtar/encode.c @@ -32,7 +32,10 @@ int i, sum = 0; if (t->options & TAR_GNU) - strncpy(t->th_buf.magic, "ustar ", 8); + { + strncpy(t->th_buf.version, " ", TVERSLEN); + strncpy(t->th_buf.magic, "ustar", TMAGLEN); + } else { strncpy(t->th_buf.version, TVERSION, TVERSLEN);
_______________________________________________ Kde-buildsystem mailing list Kde-buildsystem@kde.org https://mail.kde.org/mailman/listinfo/kde-buildsystem